{"id":"CVE-2011-5325","details":"Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.","modified":"2026-01-27T04:11:01.052250Z","published":"2017-08-07T17:29:00Z","withdrawn":"2026-01-27T04:11:01.052250Z","related":["SUSE-SU-2021:3531-1","SUSE-SU-2022:0135-1","SUSE-SU-2022:0135-2","SUSE-SU-2022:3959-1","SUSE-SU-2022:4253-1","openSUSE-SU-2021:1408-1","openSUSE-SU-2021:3531-1","openSUSE-SU-2022:0135-1","openSUSE-SU-2024:11738-1"],"references":[{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2019/Jun/18"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2020/Aug/20"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2015/10/21/7"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274215"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"},{"type":"EVIDENCE","url":"https://seclists.org/bugtraq/2019/Jun/14"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3935-1/"}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}