{"id":"DEBIAN-CVE-2005-1918","details":"The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an \"incorrect optimization\" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving \"/../\" sequences with a leading \"/\".","modified":"2026-04-28T20:03:31.944430Z","published":"2005-12-31T05:00:00Z","upstream":["CVE-2005-1918"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2005-1918"}],"affected":[{"package":{"name":"tar","ecosystem":"Debian:11","purl":"pkg:deb/debian/tar?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.14-2.2"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2005-1918.json"}},{"package":{"name":"tar","ecosystem":"Debian:12","purl":"pkg:deb/debian/tar?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.14-2.2"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2005-1918.json"}},{"package":{"name":"tar","ecosystem":"Debian:13","purl":"pkg:deb/debian/tar?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.14-2.2"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2005-1918.json"}},{"package":{"name":"tar","ecosystem":"Debian:14","purl":"pkg:deb/debian/tar?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.14-2.2"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2005-1918.json"}}],"schema_version":"1.7.5"}