CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-48303 – tar: heap buffer overflow at from_header() in list.c via specially crafted checksum
https://notcve.org/view.php?id=CVE-2022-48303
30 Jan 2023 — GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. A flaw was found in the Tar package. When attempting to read files with old V7 tar format with a specially crafted checksum, an invalid memory read may occur. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20193 – Ubuntu Security Notice USN-5329-1
https://notcve.org/view.php?id=CVE-2021-20193
26 Mar 2021 — A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. Se detectó un fallo en el archivo src/list.c de tar versiones 1.33 y anteriores. Este fallo permite a un atacante que puede enviar un archivo de entrada diseñado a tar causar un consumo no controlado de memoria. • https://bugzilla.redhat.com/show_bug.cgi?id=1917565 • CWE-125: Out-of-bounds Read CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-9923 – Ubuntu Security Notice USN-4692-1
https://notcve.org/view.php?id=CVE-2019-9923
22 Mar 2019 — pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. pax_decode_header en sparse.c en GNU Tar, en versiones anteriores a la 1.32, tenía una desreferencia de puntero NULL al analizar ciertos archivos que tenían cabeceras extendidas mal formadas. Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use ... • http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120 • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 1CVE-2018-20482 – Ubuntu Security Notice USN-4692-1
https://notcve.org/view.php?id=CVE-2018-20482
26 Dec 2018 — GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). GNU Tar, hasta la versión 1.30, cuando se emplea --sparse, gestiona de manera incorrecta el encogimiento de archivos durante el acceso de lectura, lo que permite que usuarios locales provoq... • http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 6%CPEs: 21EXPL: 2CVE-2016-6321 – GNU tar 1.29 Extract Pathname Bypass
https://notcve.org/view.php?id=CVE-2016-6321
27 Oct 2016 — Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. Vulnerabilidad de salto de directorio en la función safer_name_suffix en GNU tar 1.14 hasta la versión 1.29 podrían permitir a atacantes remotos eludir un mecanismo de protección previsto y escribir en archivos arbitarios ... • https://packetstorm.news/files/id/139370 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 3%CPEs: 36EXPL: 1CVE-2010-0624 – cpio: Heap-based buffer overflow by expanding a specially-crafted archive
https://notcve.org/view.php?id=CVE-2010-0624
12 Mar 2010 — Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. Desbordamiento de búfer basado en pila en la función rmt_read__ en lib/rtapelib.c en la funcionalidad de cliente rmt en GNU tar anterior v1.23 y... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 13%CPEs: 6EXPL: 1CVE-2007-4476 – GNU TAR 1.15.91 / CPIO 2.5.90 - 'safer_name_suffix' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4476
05 Sep 2007 — Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." Desbordamiento de búfer en la función safer_name_suffix en GNU tar tienen un vector de ataque sin especificar y un impacto, teniendo como resultado una "caida de pila". • https://www.exploit-db.com/exploits/30766 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 10%CPEs: 23EXPL: 0CVE-2007-4131 – tar directory traversal vulnerability
https://notcve.org/view.php?id=CVE-2007-4131
25 Aug 2007 — Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. Vulnerabilidad de salto de directorio en la función contains_dot_dot de src/names.c en GNU tar permite a atacantes remotos con la complicidad del usuario sobre-escribir ficheros de su elección mediante determinadas secuencias //.. (barra barra punto punto) en los... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921 •
CVSS: 9.1EPSS: 7%CPEs: 2EXPL: 4CVE-2006-6097 – GNU Tar 1.1x - 'GNUTYPE_NAMES' Directory Traversal
https://notcve.org/view.php?id=CVE-2006-6097
24 Nov 2006 — GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. GNU tar 1.16 y 1.15.1, y posiblemente otras versiones, permiten a un atacante con la intervención del usuario sobreescribir ficheros de su elección a través del fichero tar que con... • https://www.exploit-db.com/exploits/29160 •
CVSS: 9.8EPSS: 18%CPEs: 5EXPL: 0CVE-2006-0300
https://notcve.org/view.php?id=CVE-2006-0300
24 Feb 2006 — Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. • http://docs.info.apple.com/article.html?artnum=305214 •