CVE-2024-0406: Archiver Path Traversal vulnerability

CVSS Score (v3.1): 6.1

Basic Information

EPSS Score: 0.92842%
Published: 4/6/2024
Updated: 5/7/2025
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Package Name                   Ecosystem   Vulnerable Versions   First Patched Version
github.com/mholt/archiver/v3   go          >= 3.0.0, <= 3.5.1    none listed
github.com/mholt/archiver      go          >= 3.0.0, <= 3.5.1    none listed

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability is a path traversal flaw in the mholt/archiver package when unpacking tar archives, exploitable through crafted symlink entries. I analyzed the tar.go file from the mholt/archiver repository. The Extract method in that file reads the tar archive's entries and takes hdr.Name and, for symlink entries, hdr.Linkname (the link target) from each header. Both values are controlled by whoever crafts the archive, and both are passed on to a handleFile callback implemented by the user of the library. The flaw materialises if that callback uses these paths to create files or symlinks on the filesystem without sanitising them, i.e. without resolving each path and confirming that it stays inside the intended destination directory. Extract is therefore the library component that directly processes the malicious archive's structure and hands the unsafe path information to the code that performs the filesystem write, which makes it a key function to expect in a runtime profile during exploitation. Since no patched version is listed for either module path, the mitigation sits on the caller's side: validate hdr.Name and hdr.Linkname against the destination before creating anything.
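The checks the analysis above expects from the callback, written out as an added example. This is not code from the mholt/archiver project or from Miggo; it is a stand-alone extractor built on the standard library's archive/tar rather than on archiver's handleFile API, and the names SafeUntar, checkOnDisk, buildTar, BenignTar and ChainTar are this example's own. It applies three checks per entry: a lexical containment check on the joined path, rejection of absolute symlink targets and of relative targets that leave the destination, and an on-disk resolution (filepath.EvalSymlinks) of the directory the entry will really be written into, so that two individually harmless links created by earlier entries cannot be chained into an escape. The sample archives are constructed in memory and are hypothetical, not taken from any real exploit.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

var ErrTraversal = errors.New("tar entry escapes destination directory") // wrapped by every rejection below
func within(dest, p string) bool { // p is dest itself or lies beneath it (both already cleaned)
	return p == dest || strings.HasPrefix(p, dest+string(os.PathSeparator))
}

// checkOnDisk resolves, through symlinks written by earlier entries, where target will really land, and
// refuses a target that is itself a symlink. Lexical checks miss this: "sub/a -> .." and "sub/b -> a/.."
// each stay inside dest, yet on disk sub/b is dest/.. and a later "sub/b/x" would escape.
func checkOnDisk(dest, target string) error {
	if fi, err := os.Lstat(target); err == nil && fi.Mode()&os.ModeSymlink != 0 {
		return fmt.Errorf("%w: %q is an existing symlink", ErrTraversal, target)
	}
	p := filepath.Dir(target)
	for _, err := os.Lstat(p); err != nil && filepath.Dir(p) != p; _, err = os.Lstat(p) {
		p = filepath.Dir(p) // climb to the nearest component that already exists
	}
	resolved, err := filepath.EvalSymlinks(p)
	if err == nil && !within(dest, resolved) {
		err = fmt.Errorf("%w: parent of %q resolves to %q", ErrTraversal, target, resolved)
	}
	return err
}

// SafeUntar extracts r into the existing directory dest, rejecting traversal via entry names and
// symlink targets. Hard links (tar.TypeLink) need the same Linkname check; they are skipped here.
func SafeUntar(dest string, r io.Reader) error {
	dest, err := filepath.EvalSymlinks(dest) // compare everything against dest's resolved path
	for tr := tar.NewReader(r); err == nil; {
		var hdr *tar.Header
		if hdr, err = tr.Next(); err == io.EOF {
			return nil
		} else if err != nil {
			break
		}
		target := filepath.Join(dest, hdr.Name)
		if !within(dest, target) { // lexical check: Join cleans "..", so an escape surfaces here
			err = fmt.Errorf("%w: name %q", ErrTraversal, hdr.Name)
		} else if err = checkOnDisk(dest, target); err == nil { // on-disk check before any write
			err = os.MkdirAll(filepath.Dir(target), 0o755)
		}
		if err != nil {
			break
		}
		switch hdr.Typeflag {
		case tar.TypeDir:
			err = os.MkdirAll(target, 0o755)
		case tar.TypeReg:
			var f *os.File
			if f, err = os.Create(target); err == nil {
				_, err = io.Copy(f, tr)
				f.Close()
			}
		case tar.TypeSymlink: // relative targets resolve from the link's own directory; absolute ones are refused
			if filepath.IsAbs(hdr.Linkname) || !within(dest, filepath.Join(filepath.Dir(target), hdr.Linkname)) {
				return fmt.Errorf("%w: symlink %q -> %q", ErrTraversal, hdr.Name, hdr.Linkname)
			}
			err = os.Symlink(hdr.Linkname, target)
		}
	}
	return err
}

// buildTar makes a constructed in-memory archive from {name, linkname, body} triples; a non-empty linkname means symlink.
func buildTar(entries ...[3]string) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range entries {
		hdr := &tar.Header{Name: e[0], Mode: 0o644, Typeflag: tar.TypeReg, Size: int64(len(e[2]))}
		if e[1] != "" {
			hdr.Typeflag, hdr.Linkname, hdr.Size = tar.TypeSymlink, e[1], 0
		}
		tw.WriteHeader(hdr)
		tw.Write([]byte(e[2]))
	}
	tw.Close()
	return buf.Bytes()
}

// Constructed samples (hypothetical): a harmless archive and the two-hop symlink chain described above.
var BenignTar = buildTar([3]string{"docs/readme.txt", "", "hello"}, [3]string{"docs/latest", "readme.txt", ""})
var ChainTar = buildTar([3]string{"sub/a", "..", ""}, [3]string{"sub/b", "a/..", ""}, [3]string{"sub/b/pwned", "", "x"})

func main() {
	dir, _ := os.MkdirTemp("", "safe-untar-")
	fmt.Println(SafeUntar(dir, bytes.NewReader(BenignTar)), SafeUntar(dir, bytes.NewReader(ChainTar)), os.RemoveAll(dir))
}
```

Running main extracts the benign archive (nil error) and rejects the chain with an error that wraps ErrTraversal, so callers can branch on errors.Is. The order of operations matters: the on-disk check runs before MkdirAll, because MkdirAll itself follows any symlink already present in the parent path. Real code still has to bound regular-file sizes (decompression bombs), treat hard links like symlinks, and accept that a destination writable by another party during extraction remains a race the checks cannot close.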

WAF Protection Rules

WAF Rule

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of ...
