CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-48303 – tar: heap buffer overflow at from_header() in list.c via specially crafted checksum
https://notcve.org/view.php?id=CVE-2022-48303
30 Jan 2023 — GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. A flaw was found in the Tar package. When attempting to read files with old V7 tar format with a specially crafted checksum, an invalid memory read may occur. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0CVE-2021-37713 – Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
https://notcve.org/view.php?id=CVE-2021-37713
31 Aug 2021 — The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2021-37701 – Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
https://notcve.org/view.php?id=CVE-2021-37701
31 Aug 2021 — The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. ... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.6EPSS: 0%CPEs: 9EXPL: 0CVE-2021-37712 – Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
https://notcve.org/view.php?id=CVE-2021-37712
31 Aug 2021 — The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 1CVE-2021-32804 – Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
https://notcve.org/view.php?id=CVE-2021-32804
03 Aug 2021 — The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the `preservePaths` flag is not set to `true`. This is achieved by stripping the absolute path root from any absolute file paths contained in a tar file. For example `/home/user/.bashrc` would turn into `home/user/.... • https://github.com/yamory/CVE-2021-32804 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2021-32803 – Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
https://notcve.org/view.php?id=CVE-2021-32803
03 Aug 2021 — The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are cached when directo... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20193 – Ubuntu Security Notice USN-5329-1
https://notcve.org/view.php?id=CVE-2021-20193
26 Mar 2021 — A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. Se detectó un fallo en el archivo src/list.c de tar versiones 1.33 y anteriores. Este fallo permite a un atacante que puede enviar un archivo de entrada diseñado a tar causar un consumo no controlado de memoria. • https://bugzilla.redhat.com/show_bug.cgi?id=1917565 • CWE-125: Out-of-bounds Read CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2019-9923 – Ubuntu Security Notice USN-4692-1
https://notcve.org/view.php?id=CVE-2019-9923
22 Mar 2019 — pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. pax_decode_header en sparse.c en GNU Tar, en versiones anteriores a la 1.32, tenía una desreferencia de puntero NULL al analizar ciertos archivos que tenían cabeceras extendidas mal formadas. Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use ... • http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120 • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 1CVE-2018-20482 – Ubuntu Security Notice USN-4692-1
https://notcve.org/view.php?id=CVE-2018-20482
26 Dec 2018 — GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). GNU Tar, hasta la versión 1.30, cuando se emplea --sparse, gestiona de manera incorrecta el encogimiento de archivos durante el acceso de lectura, lo que permite que usuarios locales provoq... • http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 2CVE-2016-6321 – GNU tar 1.29 Extract Pathname Bypass
https://notcve.org/view.php?id=CVE-2016-6321
27 Oct 2016 — Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. Vulnerabilidad de salto de directorio en la función safer_name_suffix en GNU tar 1.14 hasta la versión 1.29 podrían permitir a atacantes remotos eludir un mecanismo de protección previsto y escribir en archivos arbitarios ... • https://packetstorm.news/files/id/139370 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •