Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
feep libtar vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-33643
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
8.1
CVSSv3
CVE-2021-33644
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2021-33646
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2021-33645
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2013-4420
Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and previous versions allow remote malicious users to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.
Feep Libtar 1.2.16
Feep Libtar 1.2.17
Feep Libtar 1.2.18
Feep Libtar 1.2.19
Feep Libtar 1.2.11
Feep Libtar 1.2.14
Feep Libtar 1.2.13
Feep Libtar 1.2.15
Feep Libtar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started