CVE-2013-4397

Published: 17/10/2013 Updated: 13/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple integer overflows in the th_read function in lib/block.c in libtar prior to 1.2.20 allow remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.
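The bug class described above is an allocation-size computation that wraps: th_read() takes the size of a GNU long-name ('L') or long-link ('K') pseudo-entry from the header, converts it to a count of 512-byte blocks, multiplies back up for malloc(), and then reads that many blocks into the result. If the product wraps, the heap buffer is smaller than the data the read loop writes. The program below is an added illustration written for this page, not libtar's own code: it models the unchecked computation on a 32-bit size_t, shows the hardened check that rejects block counts whose product cannot fit (the same shape of check libtar 1.2.20 adopted, reproduced here from memory rather than copied), and runs both against constructed headers. Field offsets (124 for size, 156 for typeflag) are the standard ustar layout; the function and parameter names, the size_max parameter, and the sample archives are this example's own.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define T_BLOCKSIZE 512u   /* tar block size, as in libtar */
#define SIZE_OFFSET 124    /* 12-byte octal size field in the ustar header */
#define TYPE_OFFSET 156    /* typeflag: 'K' = GNU long link, 'L' = GNU long name */

/* Parse a tar octal header field (digits terminated by NUL or space).
 * Returns UINT64_MAX on malformed input or if the value itself would overflow. */
uint64_t tar_parse_octal(const char *field, size_t len) {
    uint64_t v = 0;
    for (size_t i = 0; i < len; i++) {
        char c = field[i];
        if (c == '\0' || c == ' ') break;
        if (c < '0' || c > '7' || v > (UINT64_MAX >> 3)) return UINT64_MAX;
        v = (v << 3) | (uint64_t)(c - '0');
    }
    return v;
}

/* Number of 512-byte blocks needed to hold sz payload bytes, rounded up. */
uint64_t tar_blocks_for(uint64_t sz) {
    return sz / T_BLOCKSIZE + (sz % T_BLOCKSIZE ? 1 : 0);
}

/* Model of the pre-1.2.20 computation on a 32-bit size_t: the block count is
 * multiplied back up with no range check, so the product wraps and malloc()
 * receives a buffer far smaller than the 'blocks' 512-byte reads that follow.
 * Returns the byte count that would have been allocated. */
uint32_t longname_alloc_size_unchecked(uint64_t sz) {
    uint32_t blocks = (uint32_t)tar_blocks_for(sz);
    return blocks * T_BLOCKSIZE;   /* unsigned wrap-around on overflow */
}

/* Hardened computation: reject block counts whose product would exceed the
 * target's size_t (passed as size_max so a 32-bit target can be exercised
 * from a 64-bit host). Returns 0 with errno = E2BIG on rejection; a
 * zero-length name is rejected the same way. */
size_t longname_alloc_size_checked(uint64_t sz, uint64_t size_max) {
    uint64_t blocks = tar_blocks_for(sz);
    if (blocks == 0 || blocks > size_max / T_BLOCKSIZE) {
        errno = E2BIG;
        return 0;
    }
    return (size_t)(blocks * T_BLOCKSIZE);
}

/* Read one GNU long-name/long-link pseudo-entry from an in-memory archive and
 * return the heap-allocated, NUL-terminated name (caller frees), or NULL with
 * errno set. Header checksum and magic are deliberately not verified here. */
char *read_gnu_longname(const unsigned char *archive, size_t archive_len, uint64_t size_max) {
    if (archive_len < T_BLOCKSIZE) { errno = EINVAL; return NULL; }
    char type = (char)archive[TYPE_OFFSET];
    if (type != 'K' && type != 'L') { errno = EINVAL; return NULL; }
    uint64_t sz = tar_parse_octal((const char *)archive + SIZE_OFFSET, 12);
    if (sz == UINT64_MAX) { errno = EINVAL; return NULL; }
    size_t need = longname_alloc_size_checked(sz, size_max);
    if (need == 0) return NULL;                                   /* errno is E2BIG */
    if (archive_len - T_BLOCKSIZE < need) { errno = EINVAL; return NULL; }  /* truncated input */
    char *name = malloc(need + 1);                                /* +1 guarantees a terminator */
    if (name == NULL) return NULL;
    memcpy(name, archive + T_BLOCKSIZE, need);
    name[sz] = '\0';
    return name;
}

/* Constructed sample header: zeroed ustar block with only typeflag and size set. */
static void make_header(unsigned char *hdr, char type, const char *size_field) {
    memset(hdr, 0, T_BLOCKSIZE);
    hdr[TYPE_OFFSET] = (unsigned char)type;
    memcpy(hdr + SIZE_OFFSET, size_field, strlen(size_field) + 1);
}

/* Benign constructed entry: 'L' header claiming 11 bytes plus one data block. */
int demo_benign(void) {
    unsigned char archive[2 * T_BLOCKSIZE];
    make_header(archive, 'L', "00000000013");   /* octal 13 = 11 bytes */
    memset(archive + T_BLOCKSIZE, 0, T_BLOCKSIZE);
    memcpy(archive + T_BLOCKSIZE, "a/b/c/d.txt", 11);
    char *name = read_gnu_longname(archive, sizeof archive, UINT32_MAX);
    int ok = name != NULL && strcmp(name, "a/b/c/d.txt") == 0;
    free(name);
    return ok;
}

/* Malicious constructed entry: size 0o40000000000 = 2^32 bytes = 8388608 blocks.
 * Unchecked, 8388608 * 512 wraps to 0 on a 32-bit size_t: malloc(0) followed
 * by 8388608 block reads. The checked path refuses it with E2BIG. */
int demo_malicious(void) {
    unsigned char archive[T_BLOCKSIZE];
    make_header(archive, 'K', "40000000000");
    errno = 0;
    char *name = read_gnu_longname(archive, sizeof archive, UINT32_MAX);
    int rejected = name == NULL && errno == E2BIG;
    free(name);
    return rejected;
}

int main(void) {
    printf("unchecked alloc size for a 2^32-byte name: %u bytes\n",
           (unsigned)longname_alloc_size_unchecked(4294967296ULL));
    printf("benign entry parsed: %s\n", demo_benign() ? "yes" : "no");
    printf("malicious entry rejected with E2BIG: %s\n", demo_malicious() ? "yes" : "no");
    return 0;
}
```

The check divides rather than multiplies (blocks > size_max / 512) so the comparison itself cannot overflow; a real reader would additionally cap the name at a sane path length, since nothing legitimate needs a multi-gigabyte link target.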

Vulnerable Products

The summary above covers every libtar release before 1.2.20; the product list below names only the versions recorded for this entry.

redhat enterprise linux 6.0
feep libtar
feep libtar 1.2.11
feep libtar 1.2.13
feep libtar 1.2.14
feep libtar 1.2.15
feep libtar 1.2.16
feep libtar 1.2.17
feep libtar 1.2.18

Vendor Advisories

Red Hat: Synopsis: Moderate: libtar security update. Type/Severity: Security Advisory: Moderate. Topic: An updated libtar package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability ...
Debian Bug report logs - #725938 libtar: CVE-2013-4397: Integer overflow. Package: libtar; Maintainer for libtar is Magnus Holmgren <holmgren@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 10 Oct 2013 05:54:02 UTC; Severity: grave; Tags: fixed-upstream, patch, security, upstream; Fixed in ...
Debian Security Advisory: Timo Warns reported multiple integer overflow vulnerabilities in libtar, a library for manipulating tar archives, which can result in the execution of arbitrary code. For the oldstable distribution (squeeze), this problem has been fixed in version 1.2.11-6+deb6u1. For the stable distribution (wheezy), this problem has been fixed in version 1.2.16-1 ...