Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
feep libtar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-4420
Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and previous versions allow remote malicious users to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.
Feep Libtar 1.2.16
Feep Libtar 1.2.17
Feep Libtar 1.2.18
Feep Libtar 1.2.19
Feep Libtar 1.2.11
Feep Libtar 1.2.14
Feep Libtar 1.2.13
Feep Libtar 1.2.15
Feep Libtar
7.5
CVSSv3
CVE-2021-33646
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
8.1
CVSSv3
CVE-2021-33644
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2021-33645
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
9.1
CVSSv3
CVE-2021-33643
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started