{"id":"CVE-2020-15908","details":"tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive.","modified":"2026-04-11T12:40:03.572542Z","published":"2020-07-23T04:15:10.627Z","references":[{"type":"ADVISORY","url":"https://github.com/CauldronDevelopmentLLC/cbang/compare/1.5.1...1.6.0"},{"type":"FIX","url":"https://github.com/CauldronDevelopmentLLC/cbang/commit/1c1dba62bd3e6fa9d0d0c0aa21926043b75382c7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cauldrondevelopmentllc/cbang","events":[{"introduced":"0"},{"fixed":"33fcfc2b3ed2195a423606a264718e31e6b3903f"},{"fixed":"1c1dba62bd3e6fa9d0d0c0aa21926043b75382c7"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.6.0"}]}}],"versions":["1.0","1.0.1","1.1.0","1.2.0","1.3.0","1.3.1","1.3.2","1.3.3","1.4.0","1.5.0","1.5.1","fah-client-7.5.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15908.json","vanir_signatures":[{"deprecated":false,"id":"CVE-2020-15908-43bbb2bd","signature_type":"Function","signature_version":"v1","digest":{"length":330,"function_hash":"61334291877176663460830981579887394704"},"source":"https://github.com/cauldrondevelopmentllc/cbang/commit/33fcfc2b3ed2195a423606a264718e31e6b3903f","target":{"file":"src/cbang/os/SystemUtilities.cpp","function":"getMaxFiles"}},{"deprecated":false,"id":"CVE-2020-15908-5941743f","signature_type":"Function","signature_version":"v1","digest":{"length":371,"function_hash":"330291312336699062807119318044419557734"},"source":"https://github.com/cauldrondevelopmentllc/cbang/commit/1c1dba62bd3e6fa9d0d0c0aa21926043b75382c7","target":{"file":"src/cbang/tar/TarFileReader.cpp","function":"TarFileReader::extract"}},{"deprecated":false,"id":"CVE-2020-15908-60461297","signature_type":"Function","signature_version":"v1","digest":{"length":393,"function_hash":"134265113046046800593751689400312785263"},"source":"https://github.com/cauldrondevelopmentllc/cbang/commit/33fcfc2b3ed2195a423606a264718e31e6b3903f","target":{"file":"src/cbang/os/SystemUtilities.cpp","function":"setMaxFiles"}},{"deprecated":false,"id":"CVE-2020-15908-93a2fad5","signature_type":"Line","signature_version":"v1","digest":{"line_hashes":["93222263366217280585838268728646987831","117214976741407514925125056241519894051","20328710960668083856589233009977652062","116025860981655107849480347871051534106","333468369182229158366934871405635368184","305312696882548822215394525676486505271","20328710960668083856589233009977652062","116025860981655107849480347871051534106"],"threshold":0.9},"source":"https://github.com/cauldrondevelopmentllc/cbang/commit/33fcfc2b3ed2195a423606a264718e31e6b3903f","target":{"file":"src/cbang/os/SystemUtilities.cpp"}},{"deprecated":false,"id":"CVE-2020-15908-987c4292","signature_type":"Line","signature_version":"v1","digest":{"line_hashes":["42323268789285406099917393496897498123","47861095226362428319389377121679713277","84378934578530421915437068660492534071","173004692445328327383613338185261069104","292874264989561364870479856867659474619","73885368114660467223094850905399786686"],"threshold":0.9},"source":"https://github.com/cauldrondevelopmentllc/cbang/commit/1c1dba62bd3e6fa9d0d0c0aa21926043b75382c7","target":{"file":"src/cbang/tar/TarFileReader.cpp"}}],"vanir_signatures_modified":"2026-04-11T12:40:03Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}