CVE-2025-69874
CRIT 9.8nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.
Affected Applications in Environment
15
tar
v2:1.34-7.el9
26 devices
tar
v2:1.30-11.el8_10
5 devices
tar
v1.28-2.1ubuntu0.2
3 devices
tar
v2:1.30-11.el8_10
2 devices
tar
v2:1.34-9.el9_7
1 device
tar
v2:1.34-9.el9_7
1 device
tar
v1.29b-2ubuntu0.4
1 device
tar
v2:1.26-35.el7
1 device
tar
v2:1.34-9.el9_7
2 devices
tar
v1.28-2.1ubuntu0.2+esm3
1 device
tar
v2:1.35-9.el10_1
1 device
tar
v2:1.30-9.el8
1 device
tar
v2:1.30-9.el8
3 devices
tar
v2:1.34-7.el9
1 device
tar
v1.27.1-1ubuntu0.1
1 device
Affected Devices
50
atc.db.usu.edu
Linux
chela03
Linux
chela04
Linux
chela05
Linux
cleanaddressdev.banner.usu.edu
Linux
devjobsub.banner.usu.edu
Linux
dpapsb-161390.aggies.usu.edu
Linux
dpapsb-191594.mypc.usu.edu
Linux
el103-02.ece.usu.edu
Linux
el103-03.ece.usu.edu
Linux
el103-04.ece.usu.edu
Linux
el103-05.ece.usu.edu
Linux
el103-07.ece.usu.edu
Linux
el103-08.ece.usu.edu
Linux
el103-09.ece.usu.edu
Linux
el103-10.ece.usu.edu
Linux
el103-14.ece.usu.edu
Linux
el103-15.ece.usu.edu
Linux
el103-16.ece.usu.edu
Linux
el103-17.ece.usu.edu
Linux
el103-18.ece.usu.edu
Linux
el103-19.ece.usu.edu
Linux
el103-20.ece.usu.edu
Linux
el120-01.ece.usu.edu
Linux
el120-02.ece.usu.edu
Linux
el120-03.ece.usu.edu
Linux
el120-04.ece.usu.edu
Linux
el120-05.ece.usu.edu
Linux
el120-06.ece.usu.edu
Linux
el120-08.ece.usu.edu
Linux
el120-09.ece.usu.edu
Linux
el120-10.ece.usu.edu
Linux
el120-11.ece.usu.edu
Linux
el120-12.ece.usu.edu
Linux
el120-14.ece.usu.edu
Linux
eprocdev.banner.usu.edu
Linux
facreadyprod.pplant.usu.edu
Linux
facreadytestrhel.pplant.usu.edu
Linux
facshibsp2.pplant.usu.edu
Linux
guru.cluster
Linux
hotcheeto
Linux
my2
Linux
oms.db.usu.edu
Linux
paymentworksdev.banner.usu.edu
Linux
thinkstation
Linux
web04a
Linux
web05
Linux
web21
Linux
web22
Linux
zldtst.db.usu.edu
Linux