Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
feep libtar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-33644
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2021-33645
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2021-33643
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2021-33646
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
Feep Libtar
Huawei Openeuler 20.03
Huawei Openeuler 22.03
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
516
VMScore
CVE-2013-4420
Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and previous versions allow remote malicious users to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.
Feep Libtar 1.2.16
Feep Libtar 1.2.17
Feep Libtar 1.2.18
Feep Libtar 1.2.19
Feep Libtar 1.2.11
Feep Libtar 1.2.14
Feep Libtar 1.2.13
Feep Libtar 1.2.15
Feep Libtar
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started