Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu tar vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-6321
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 up to and including 1.29 might allow remote malicious users to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name pa...
Gnu Tar 1.26
Gnu Tar 1.27.1
Gnu Tar 1.23
Gnu Tar 1.29
Gnu Tar 1.25
Gnu Tar 1.22
Gnu Tar 1.18
Gnu Tar 1.19
Gnu Tar 1.20
Gnu Tar 1.17
Gnu Tar 1.27
Gnu Tar 1.15.90
Gnu Tar 1.16
Gnu Tar 1.28
Gnu Tar 1.14
Gnu Tar 1.24
Gnu Tar 1.15.91
Gnu Tar 1.15
Gnu Tar 1.15.1
Gnu Tar 1.21
Gnu Tar 1.16.1
NA
CVE-2007-4131
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote malicious users to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Gnu Tar 1.13
Gnu Tar 1.13.5
Gnu Tar 1.13.11
Gnu Tar 1.13.14
Gnu Tar 1.13.16
Gnu Tar 1.13.17
Gnu Tar 1.13.18
Gnu Tar 1.13.19
Gnu Tar 1.13.25
Gnu Tar 1.14
Gnu Tar 1.14.90
Gnu Tar 1.15
Gnu Tar 1.15.1
Gnu Tar 1.15.90
Gnu Tar 1.15.91
Gnu Tar 1.16
NA
CVE-2010-0624
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar prior to 1.23 and GNU cpio prior to 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending mor...
Gnu Tar 1.14.1
Gnu Tar 1.13.17
Gnu Cpio 2.9
Gnu Tar 1.13.25
Gnu Tar
Gnu Cpio 2.5.90
Gnu Tar 1.13
Gnu Cpio 1.1
Gnu Tar 1.13.5
Gnu Cpio 1.3
Gnu Tar 1.18
Gnu Tar 1.13.18
Gnu Tar 1.19
Gnu Tar 1.20
Gnu Cpio 2.7
Gnu Tar 1.17
Gnu Cpio 1.2
Gnu Tar 1.15.90
Gnu Tar 1.16
Gnu Cpio 2.6
Gnu Cpio
Gnu Tar 1.14
1 Github repository
NA
CVE-2006-0300
Buffer overflow in tar 1.14 up to and including 1.15.90 allows user-assisted malicious users to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
Gnu Tar 1.14.1
Gnu Tar 1.15.90
Gnu Tar 1.14
Gnu Tar 1.15
Gnu Tar 1.15.1
NA
CVE-2002-1216
GNU tar 1.13.19 and other versions prior to 1.13.25 allows remote malicious users to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.
Gnu Tar 1.13.19
Gnu Tar
NA
CVE-2006-6097
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted malicious users to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract...
Gnu Tar 1.16
Gnu Tar 1.15.1
1 EDB exploit
NA
CVE-2001-1267
Directory traversal vulnerability in GNU tar 1.13.19 and previous versions allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
Gnu Tar
5.5
CVSSv3
CVE-2021-20193
A flaw was found in the src/list.c of tar 1.33 and previous versions. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
Gnu Tar
1 Github repository
NA
CVE-2002-0399
Directory traversal vulnerability in GNU tar 1.13.19 up to and including 1.13.25, and possibly later versions, allows malicious users to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash b...
Gnu Tar 1.13.25
NA
CVE-2005-2541
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote malicious users to gain privileges.
Gnu Tar 1.15.1
6 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »