// For flags

CVE-2007-4476

GNU TAR 1.15.91 / CPIO 2.5.90 - 'safer_name_suffix' Remote Denial of Service

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

Desbordamiento de búfer en la función safer_name_suffix en GNU tar tienen un vector de ataque sin especificar y un impacto, teniendo como resultado una "caida de pila".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-08-22 CVE Reserved
  • 2007-09-05 CVE Published
  • 2007-11-14 First Exploit
  • 2024-07-09 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (37)
URL Tag Source
http://bugs.gentoo.org/show_bug.cgi?id=196978 Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory
http://secunia.com/advisories/26987 Third Party Advisory
http://secunia.com/advisories/27331 Third Party Advisory
http://secunia.com/advisories/27453 Third Party Advisory
http://secunia.com/advisories/27514 Third Party Advisory
http://secunia.com/advisories/27681 Third Party Advisory
http://secunia.com/advisories/27857 Third Party Advisory
http://secunia.com/advisories/28255 Third Party Advisory
http://secunia.com/advisories/29968 Third Party Advisory
http://secunia.com/advisories/32051 Third Party Advisory
http://secunia.com/advisories/33567 Third Party Advisory
http://secunia.com/advisories/39008 Third Party Advisory
http://www.securityfocus.com/bid/26445 Third Party Advisory
https://issues.rpath.com/browse/RPL-1861 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7114 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8599 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9336 Signature
URL Date SRC
https://www.exploit-db.com/exploits/30766 2007-11-14
URL Date SRC
http://secunia.com/advisories/26674 2021-05-17
URL Date SRC
http://security.gentoo.org/glsa/glsa-200711-18.xml 2021-05-17
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1 2021-05-17
http://www.debian.org/security/2007/dsa-1438 2021-05-17
http://www.debian.org/security/2008/dsa-1566 2021-05-17
http://www.mandriva.com/security/advisories?name=MDKSA-2007:197 2021-05-17
http://www.mandriva.com/security/advisories?name=MDKSA-2007:233 2021-05-17
http://www.novell.com/linux/security/advisories/2007_18_sr.html 2021-05-17
http://www.novell.com/linux/security/advisories/2007_19_sr.html 2021-05-17
http://www.redhat.com/support/errata/RHSA-2010-0141.html 2021-05-17
http://www.redhat.com/support/errata/RHSA-2010-0144.html 2021-05-17
http://www.ubuntu.com/usn/usn-650-1 2021-05-17
http://www.ubuntu.com/usn/usn-709-1 2021-05-17
https://bugzilla.redhat.com/show_bug.cgi?id=280961 2010-03-16
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00073.html 2021-05-17
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html 2021-05-17
https://access.redhat.com/security/cve/CVE-2007-4476 2010-03-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gnu
Search vendor "Gnu"
 Tar
Search vendor "Gnu" for product "Tar"
 < 1.19
Search vendor "Gnu" for product "Tar" and version " < 1.19"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 3.1
Search vendor "Debian" for product "Debian Linux" and version "3.1"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"
-
Affected