
CVE-2018-20482 – Ubuntu Security Notice USN-4692-1
https://notcve.org/view.php?id=CVE-2018-20482
26 Dec 2018 — GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). • http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2016-6321 – GNU tar 1.29 Extract Pathname Bypass
https://notcve.org/view.php?id=CVE-2016-6321
27 Oct 2016 — Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. • https://packetstorm.news/files/id/139370 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2010-0624 – cpio: Heap-based buffer overflow by expanding a specially-crafted archive
https://notcve.org/view.php?id=CVE-2010-0624
12 Mar 2010 — Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow

CVE-2007-4476 – GNU TAR 1.15.91 / CPIO 2.5.90 - 'safer_name_suffix' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4476
05 Sep 2007 — Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." • https://www.exploit-db.com/exploits/30766 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2007-4131 – tar directory traversal vulnerability
https://notcve.org/view.php?id=CVE-2007-4131
25 Aug 2007 — Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921

CVE-2006-6097 – GNU Tar 1.1x - 'GNUTYPE_NAMES' Directory Traversal
https://notcve.org/view.php?id=CVE-2006-6097
24 Nov 2006 — GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. • https://www.exploit-db.com/exploits/29160

CVE-2006-0300
https://notcve.org/view.php?id=CVE-2006-0300
24 Feb 2006 — Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. • http://docs.info.apple.com/article.html?artnum=305214

CVE-2005-1918 – tar archive path traversal issue
https://notcve.org/view.php?id=CVE-2005-1918
31 Dec 2005 — The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2005-2541
https://notcve.org/view.php?id=CVE-2005-2541
10 Aug 2005 — Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. • http://marc.info/?l=bugtraq&m=112327628230258&w=2

CVE-2002-1216
https://notcve.org/view.php?id=CVE-2002-1216
21 Oct 2002 — GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. • http://marc.info/?l=bugtraq&m=103419290219680&w=2