CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33643 – libtar: out-of-bounds read in gnu_longlink
https://notcve.org/view.php?id=CVE-2021-33643
09 Aug 2022 — An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. Un atacante que envía un archivo tar diseñado con el tamaño de la estructura de encabezado siendo 0 puede ser capaz de desencadenar una llamada de malloc(0) para una variable gnu_longlink, causando una lectura fuera de límites A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with the siz... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC • CWE-125: Out-of-bounds Read •
CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33644 – libtar: out-of-bounds read in gnu_longname
https://notcve.org/view.php?id=CVE-2021-33644
09 Aug 2022 — An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. Un atacante que envía un archivo tar diseñado con el tamaño de la estructura de cabecera siendo 0 puede ser capaz de desencadenar una llamada de malloc(0) para una variable gnu_longname, causando una lectura fuera de límites A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with size in h... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33645 – libtar: memory leak found in th_read() function
https://notcve.org/view.php?id=CVE-2021-33645
09 Aug 2022 — The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. La función th_read() no libera una variable t-)th_buf.gnu_longlink después de asignar memoria, lo que puede causar una pérdida de memoria A flaw was found in libtar. This security vulnerability occurs because the th_read() function in libtar doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. The libtar packages contain a C library f... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33646 – libtar: memory leak found in th_read() function
https://notcve.org/view.php?id=CVE-2021-33646
09 Aug 2022 — The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. La función th_read() no libera una variable t-)th_buf.gnu_longname después de asignar memoria, lo que puede causar una pérdida de memoria A flaw was found in libtar. This security vulnerability occurs because the th_read() function in libtar doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. The libtar packages contain a C library f... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2013-4420 – Debian Security Advisory 2863-1
https://notcve.org/view.php?id=CVE-2013-4420
20 Feb 2014 — Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file. Múltiples vulnerabilidades de salto de directorio en las funciones (1) tar_extract_glob y (2) tar_extract_all en libtar 1.2.20 y anteriores permiten a atacantes remotos sobreescribir archivos arbitrarios a través de un .. (punto punto) en un archivo TAR manipulado. A directory trav... • http://www.debian.org/security/2014/dsa-2863 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 4%CPEs: 9EXPL: 1CVE-2013-4397 – libtar: Heap-based buffer overflows by expanding a specially-crafted archive
https://notcve.org/view.php?id=CVE-2013-4397
10 Oct 2013 — Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow. Múltiples desbordamientos de entero en la función the_read de lib/block.c en libtar anterior a 1.2.20 permite a atacantes remotos causar una dengación de servicio (crash) y posiblemente ejecuta código de forma arbitraria a través de u... • http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •