Vulnerabilities > GNU > TAR > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-26 | CVE-2018-20482 | Infinite Loop vulnerability in multiple products GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). | 1.9 |
2005-12-31 | CVE-2005-1918 | Path Traversal vulnerability in multiple products The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | 2.6 |
2001-07-12 | CVE-2001-1267 | Unspecified vulnerability in GNU TAR Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. | 2.1 |