Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
feep libtar vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-33643
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
8.1
CVSSv3
CVE-2021-33644
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2021-33645
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2021-33646
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2013-4420
Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and previous versions allow remote malicious users to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.
Feep Libtar 1.2.16
Feep Libtar 1.2.17
Feep Libtar 1.2.18
Feep Libtar 1.2.19
Feep Libtar 1.2.11
Feep Libtar 1.2.14
Feep Libtar 1.2.13
Feep Libtar 1.2.15
Feep Libtar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started