CVE-2023-2868 (email_security_gateway_300_firmware, email_security_gateway_400_firmware, email_security_gateway_600_firmware, email_security_gateway_800_firmware, email_security_gateway_900_firmware)

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will …

barracuda command command injection cve cve-2023-2868 email email security factor file gateway injection input input validation product security security gateway tar validation vulnerability