Platform: ruby
Component: archive-tar-minitar
Fixed in: 0.5.2
CVE-2016-10173 describes a directory traversal vulnerability found in the archive-tar-minitar gem, a Ruby library used for handling TAR archives. This flaw allows a malicious actor to write to arbitrary files on the system by crafting a specially designed TAR archive containing .. sequences in its entry names. Versions of archive-tar-minitar prior to 0.5.2 are affected, and a fix has been released.
The core impact of CVE-2016-10173 lies in its ability to bypass file system restrictions. An attacker can leverage this vulnerability to overwrite critical system files, potentially leading to complete system compromise. By including malicious entries with relative paths (e.g., ../../../../etc/passwd) within a TAR archive, an attacker can manipulate the target system's file structure. This could result in privilege escalation, data exfiltration, or denial of service. The severity is heightened by the ease with which TAR archives can be created and distributed, making exploitation relatively straightforward.
CVE-2016-10173 was publicly disclosed in 2017. While no active exploitation campaigns have been definitively linked to this specific vulnerability, the ease of exploitation and the potential for significant impact make it a persistent risk. No KEV listing is available. Public proof-of-concept exploits are available, demonstrating the vulnerability's feasibility.
EPSS: 2.92% (86th percentile)
The primary mitigation for CVE-2016-10173 is to upgrade the archive-tar-minitar gem to version 0.5.2 or later. If upgrading is not immediately feasible due to compatibility issues or application downtime concerns, consider implementing input validation on TAR archives before processing them. Specifically, sanitize archive entry names to prevent the inclusion of .. sequences. Web application firewalls (WAFs) can be configured to block requests containing suspicious TAR archive uploads. After upgrading, confirm the fix by attempting to extract a TAR archive containing a malicious path traversal sequence and verifying that the extraction fails with an appropriate error message.
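The traversal described above and the entry-name check the mitigation paragraph calls for, as an added example that is not minitar's own code. The archive is built from hand-written ustar headers so the script runs offline with no gem installed; the entry names (including the `../../../../etc/passwd` style name from the description) and file contents are constructed, and `safe_entry_path?`, `extract_tar` and `demo` are hypothetical names chosen here. The check rejects absolute names, any `..` component, and any name whose resolved path lands outside the extraction directory; the demo shows the benign entry written and the traversal entries refused.

```ruby
require "fileutils"
require "tmpdir"

# --- Constructed archive builder (hand-written ustar headers; not minitar code) ---

# One 512-byte ustar header for a regular file entry.
def tar_header(name, size)
  h = name.b.ljust(100, "\0")           # name
  h << "0000644\0"                       # mode
  h << "0000000\0" << "0000000\0"        # uid, gid
  h << format("%011o\0", size)           # size, octal
  h << format("%011o\0", 0)              # mtime
  h << " " * 8                           # checksum, blank while summing
  h << "0"                               # typeflag: regular file
  h << "\0" * 100                        # linkname
  h << "ustar\0" << "00"                 # magic, version
  h << "\0" * 32 << "\0" * 32            # uname, gname
  h << "0000000\0" << "0000000\0"        # devmajor, devminor
  h << "\0" * 155                        # prefix
  h << "\0" * 12                         # pad to 512 bytes
  h[148, 8] = format("%06o\0 ", h.bytes.sum)
  h
end

# Header plus data padded to a 512-byte boundary.
def tar_entry(name, data)
  pad = (512 - data.bytesize % 512) % 512
  tar_header(name, data.bytesize) + data.b + "\0" * pad
end

# Whole archive: entries followed by the two-zero-block end marker.
def build_tar(entries)
  entries.map { |name, data| tar_entry(name, data) }.join + "\0" * 1024
end

# --- Minimal reader: returns [entry_name, data] pairs ---
def each_tar_entry(tar)
  entries = []
  offset = 0
  while offset + 512 <= tar.bytesize
    header = tar[offset, 512]
    break if header.bytes.all?(&:zero?)               # end-of-archive marker
    name   = header[0, 100].sub(/\0.*/m, "")
    prefix = header[345, 155].sub(/\0.*/m, "")
    size   = header[124, 12].sub(/\0.*/m, "").strip.to_i(8)
    full   = prefix.empty? ? name : "#{prefix}/#{name}"
    entries << [full, tar[offset + 512, size]]
    offset += 512 + ((size + 511) / 512) * 512
  end
  entries
end

# --- The check an extractor needs before writing an entry ---
# Reject absolute names, any ".." component, and (belt and braces) any name
# whose resolved path lands outside the extraction root.
def safe_entry_path?(dest, entry_name)
  return false if entry_name.start_with?("/")
  return false if entry_name.split("/").include?("..")
  root   = File.expand_path(dest)
  target = File.expand_path(File.join(root, entry_name))
  target.start_with?(root + "/")
end

# Extract only entries that pass the check; report what was written and refused.
def extract_tar(tar, dest)
  result = { written: [], rejected: [] }
  each_tar_entry(tar).each do |name, data|
    unless safe_entry_path?(dest, name)
      result[:rejected] << name
      next
    end
    path = File.expand_path(File.join(dest, name))
    FileUtils.mkdir_p(File.dirname(path))
    File.binwrite(path, data)
    result[:written] << name
  end
  result
end

# Constructed archive: one benign entry and two traversal entries, extracted
# into a throwaway directory; the file outside the root must not appear.
def demo
  Dir.mktmpdir do |dir|
    dest = File.join(dir, "extract")
    tar = build_tar([
      ["docs/readme.txt", "hello"],
      ["../escaped.txt", "should never be written"],
      ["../../../../etc/passwd", "should never be written"],
    ])
    result = extract_tar(tar, dest)
    result[:escaped_exists] = File.exist?(File.join(dir, "escaped.txt"))
    result[:readme] = File.read(File.join(dest, "docs", "readme.txt"))
    result
  end
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The bytes returned by `build_tar` can also be written to a file and handed to an installed archive-tar-minitar for the post-upgrade verification step in the mitigation paragraph: on a fixed version the traversal entries should be refused rather than written. The `..` component check alone matches the page's sanitisation advice; the resolved-path comparison is kept as well so that an entry name that escapes by some route other than a literal `..` is still caught.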
CVE-2016-10173 is a Path Traversal vulnerability in the archive-tar-minitar Ruby gem, allowing attackers to write arbitrary files via TAR archive manipulation.
You are affected if you are using archive-tar-minitar versions 0.5.1 or earlier. Upgrade to 0.5.2 or later to mitigate the risk.
Upgrade the archive-tar-minitar gem to version 0.5.2 or later using your Ruby package manager (e.g., gem install archive-tar-minitar -v 0.5.2).
While no confirmed active campaigns are publicly known, the vulnerability's ease of exploitation makes it a potential risk.
Refer to the Ruby Security Advisory for details: https://rubysec.com/archives/3361