CVE-2024-0406
moderate-risk
Published 2024-04-06
A flaw was discovered in the mholt/archiver package. It allows an attacker to create a specially crafted tar file which, when unpacked, may allow access to restricted files or directories. This issue can allow files to be created or overwritten with the privileges of the user or application using the library.
Do I need to act?
17.3% chance of exploitation in next 30 days (EPSS score, higher than 83% of all CVEs)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 6.1/10 (Medium): LOCAL / LOW complexity
Affected Products (3)
References (5)
Third Party Advisory: https://access.redhat.com/errata/RHSA-2025:2449
Third Party Advisory: https://access.redhat.com/security/cve/CVE-2024-0406
Third Party Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2257749
Third Party Advisory: https://access.redhat.com/security/cve/CVE-2024-0406
Third Party Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2257749
42 / 100 · moderate-risk
Severity: 20/34 · Moderate
Exploitability: 13/34 · Low
Exposure: 9/34 · Low