Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Published 2020-11-19 19:15:12
Updated 2022-01-06 14:17:59
Source MITRE
View at NVD,   CVE.org

CVE-2020-28949 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal
Notes:
https://pear.php.net/bugs/bug.php?id=27002, https://www.drupal.org/sa-core-2020-013, https://access.redhat.com/security/cve/cve-2020-28949
Added on 2022-08-25 Action due date 2022-09-15

Exploit prediction scoring system (EPSS) score for CVE-2020-28949

Probability of exploitation activity in the next 30 days: 96.48%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2020-28949

  • PEAR Archive_Tar 1.4.10 Arbitrary File Write
    Disclosure Date: 2020-11-17
    First seen: 2021-03-12
    exploit/multi/fileformat/archive_tar_arb_file_write
    This module takes advantages of Archive_Tar <= 1.4.10's lack of validation of file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file will be written to disk with the

CVSS scores for CVE-2020-28949

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
6.8
MEDIUM AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
NIST
7.8
HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1.8
5.9
NIST

CWE ids for CVE-2020-28949

References for CVE-2020-28949

Products affected by CVE-2020-28949

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!