CVE-2016-10173 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-10173 Interim 1 19 2025-11-05T04:13:10Z current 2021-05-30T13:49:15Z 2025-11-05T04:13:10Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-10173 Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2021-January/008194.html E-Mail link for SUSE-SU-2021:0115-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 openSUSE Tumbleweed ruby2.1-rubygem-archive-tar-minitar-0.5.2-7.3.65 ruby2.7-rubygem-archive-tar-minitar-0.5.2-9.23 ruby2.7-rubygem-minitar-0.9-1.4 ruby3.0-rubygem-archive-tar-minitar-0.5.2-9.23 ruby3.0-rubygem-minitar-0.9-1.4 ruby3.2-rubygem-minitar-0.9-1.13 ruby3.3-rubygem-minitar-0.9-1.17 ruby3.4-rubygem-minitar-0.9-1.19 ruby2.1-rubygem-archive-tar-minitar-0.5.2-7.3.65 as a component of SUSE Linux Enterprise Module for Containers 12 ruby2.7-rubygem-archive-tar-minitar-0.5.2-9.23 as a component of openSUSE Tumbleweed ruby2.7-rubygem-minitar-0.9-1.4 as a component of openSUSE Tumbleweed ruby3.0-rubygem-archive-tar-minitar-0.5.2-9.23 as a component of openSUSE Tumbleweed ruby3.0-rubygem-minitar-0.9-1.4 as a component of openSUSE Tumbleweed ruby3.2-rubygem-minitar-0.9-1.13 as a component of openSUSE Tumbleweed ruby3.3-rubygem-minitar-0.9-1.17 as a component of openSUSE Tumbleweed ruby3.4-rubygem-minitar-0.9-1.19 as a component of openSUSE Tumbleweed Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry. CVE-2016-10173 SUSE Linux Enterprise Module for Containers 12:ruby2.1-rubygem-archive-tar-minitar-0.5.2-7.3.65 openSUSE Tumbleweed:ruby2.7-rubygem-archive-tar-minitar-0.5.2-9.23 openSUSE Tumbleweed:ruby2.7-rubygem-minitar-0.9-1.4 openSUSE Tumbleweed:ruby3.0-rubygem-archive-tar-minitar-0.5.2-9.23 openSUSE Tumbleweed:ruby3.0-rubygem-minitar-0.9-1.4 openSUSE Tumbleweed:ruby3.2-rubygem-minitar-0.9-1.13 openSUSE Tumbleweed:ruby3.3-rubygem-minitar-0.9-1.17 openSUSE Tumbleweed:ruby3.4-rubygem-minitar-0.9-1.19 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N