Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tar vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-6321
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 up to and including 1.29 might allow remote malicious users to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name pa...
Gnu Tar 1.26
Gnu Tar 1.27.1
Gnu Tar 1.23
Gnu Tar 1.29
Gnu Tar 1.25
Gnu Tar 1.22
Gnu Tar 1.18
Gnu Tar 1.19
Gnu Tar 1.20
Gnu Tar 1.17
Gnu Tar 1.27
Gnu Tar 1.15.90
Gnu Tar 1.16
Gnu Tar 1.28
Gnu Tar 1.14
Gnu Tar 1.24
Gnu Tar 1.15.91
Gnu Tar 1.15
Gnu Tar 1.15.1
Gnu Tar 1.21
Gnu Tar 1.16.1
NA
CVE-2007-4131
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote malicious users to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Gnu Tar 1.13.19
Gnu Tar 1.13.25
Gnu Tar 1.15.91
Gnu Tar 1.16
Gnu Tar 1.13
Gnu Tar 1.13.5
Gnu Tar 1.14
Gnu Tar 1.13.16
Gnu Tar 1.13.17
Gnu Tar 1.13.18
Gnu Tar 1.15.1
Gnu Tar 1.15.90
Gnu Tar 1.13.11
Gnu Tar 1.13.14
Gnu Tar 1.14.90
Gnu Tar 1.15
NA
CVE-2010-0624
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar prior to 1.23 and GNU cpio prior to 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending mor...
Gnu Tar 1.13.16
Gnu Tar 1.13.17
Gnu Tar 1.14.90
Gnu Tar 1.15
Gnu Tar 1.18
Gnu Tar 1.17
Gnu Cpio 2.5
Gnu Cpio 2.5.90
Gnu Tar 1.13.11
Gnu Tar 1.13.14
Gnu Tar 1.14
Gnu Tar 1.14.1
Gnu Tar 1.20
Gnu Tar 1.19
Gnu Cpio 1.3
Gnu Cpio 2.4-2
Gnu Tar
Gnu Cpio
Gnu Tar 1.13.18
Gnu Tar 1.13.19
Gnu Tar 1.15.1
Gnu Tar 1.15.90
1 Github repository
NA
CVE-2006-0300
Buffer overflow in tar 1.14 up to and including 1.15.90 allows user-assisted malicious users to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
Gnu Tar 1.14.1
Gnu Tar 1.15
Gnu Tar 1.15.1
Gnu Tar 1.15.90
Gnu Tar 1.14
7.5
CVSSv3
CVE-2021-38511
An issue exists in the tar crate prior to 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
Tar Project Tar
7.5
CVSSv3
CVE-2018-20990
An issue exists in the tar crate prior to 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.
Tar Project Tar
NA
CVE-2002-1216
GNU tar 1.13.19 and other versions prior to 1.13.25 allows remote malicious users to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.
Gnu Tar 1.13.19
Gnu Tar
7.5
CVSSv3
CVE-2018-20835
A vulnerability was found in tar-fs prior to 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file co...
Tar-fs Project Tar-fs
27 Github repositories
7.5
CVSSv3
CVE-2018-20834
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as...
Node-tar Project Node-tar
4 Github repositories
9.1
CVSSv3
CVE-2020-36566
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Tar-utils Project Tar-utils
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »