Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu tar vulnerabilities and exploits
(subscribe to this query)
447
VMScore
CVE-2019-9923
pax_decode_header in sparse.c in GNU Tar prior to 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
Gnu Tar
Opensuse Leap 15.0
446
VMScore
CVE-2016-6321
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 up to and including 1.29 might allow remote malicious users to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name pa...
Gnu Tar 1.26
Gnu Tar 1.27.1
Gnu Tar 1.23
Gnu Tar 1.29
Gnu Tar 1.25
Gnu Tar 1.22
Gnu Tar 1.18
Gnu Tar 1.19
Gnu Tar 1.20
Gnu Tar 1.17
Gnu Tar 1.27
Gnu Tar 1.15.90
Gnu Tar 1.16
Gnu Tar 1.28
Gnu Tar 1.14
Gnu Tar 1.24
Gnu Tar 1.15.91
Gnu Tar 1.15
Gnu Tar 1.15.1
Gnu Tar 1.21
Gnu Tar 1.16.1
445
VMScore
CVE-2019-5747
An issue exists in BusyBox up to and including 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote malicious user to leak sensitive information from the stack by sending a crafted DHCP message. This is related...
Busybox Busybox
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
445
VMScore
CVE-2018-20679
An issue exists in BusyBox prior to 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote malicious user to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in...
Busybox Busybox
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
445
VMScore
CVE-2016-2147
Integer overflow in the DHCP client (udhcpc) in BusyBox prior to 1.25.0 allows remote malicious users to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
Busybox Busybox
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
445
VMScore
CVE-2002-1216
GNU tar 1.13.19 and other versions prior to 1.13.25 allows remote malicious users to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.
Gnu Tar 1.13.19
Gnu Tar
445
VMScore
CVE-2002-0399
Directory traversal vulnerability in GNU tar 1.13.19 up to and including 1.13.25, and possibly later versions, allows malicious users to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash b...
Gnu Tar 1.13.25
405
VMScore
CVE-2006-6097
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted malicious users to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract...
Gnu Tar 1.16
Gnu Tar 1.15.1
1 EDB exploit
383
VMScore
CVE-2021-20193
A flaw was found in the src/list.c of tar 1.33 and previous versions. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
Gnu Tar
1 Github repository
383
VMScore
CVE-2015-9261
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox prior to 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.
Busybox Busybox
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »