Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu tar vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-9923
pax_decode_header in sparse.c in GNU Tar prior to 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
Gnu Tar
Opensuse Leap 15.0
NA
CVE-2022-48303
GNU Tar up to and including 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime h...
Gnu Tar
Fedoraproject Fedora 37
Fedoraproject Fedora 38
1.9
CVSSv2
CVE-2018-20482
GNU Tar up to and including 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different u...
Gnu Tar
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
2.6
CVSSv2
CVE-2005-1918
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted malicious users to overwrite arbitrary files via a crafted tar file, probably involving &q...
Gnu Tar 1.13.25
Redhat Enterprise Linux 2.1
Redhat Enterprise Linux Desktop 3.0
Redhat Linux Advanced Workstation 2.1
Redhat Enterprise Linux 3.0
7.5
CVSSv2
CVE-2007-4476
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Gnu Tar
Debian Debian Linux 3.1
Debian Debian Linux 4.0
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
1 EDB exploit
1.9
CVSSv2
CVE-2015-1197
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
Gnu Cpio 2.11
1 Metasploit module
1 Article
6.9
CVSSv2
CVE-2019-14866
In all versions of cpio prior to 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths ...
Gnu Cpio
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
NA
CVE-2023-39804
In GNU tar prior to 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
5
CVSSv2
CVE-2018-20679
An issue exists in BusyBox prior to 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote malicious user to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in...
Busybox Busybox
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.10
5
CVSSv2
CVE-2019-5747
An issue exists in BusyBox up to and including 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote malicious user to leak sensitive information from the stack by sending a crafted DHCP message. This is related...
Busybox Busybox
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »