Vulnerabilities > GNU > TAR > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-01-30 | CVE-2022-48303 | Out-of-bounds Read vulnerability in multiple products | GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. | 5.5 |
2021-03-26 | CVE-2021-20193 | Memory Leak vulnerability in GNU TAR | A flaw was found in the src/list.c of tar 1.33 and earlier. | 5.5 |
2010-03-15 | CVE-2010-0624 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Cpio and TAR | Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. | 6.8 |
2007-08-25 | CVE-2007-4131 | Remote Directory Traversal vulnerability in GNU Tar Dot_Dot Function | Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. | 6.8 |
2006-11-24 | CVE-2006-6097 | Remote Directory Traversal vulnerability in GNU TAR 1.15.1/1.16 | GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. | 4.0 |
2006-02-24 | CVE-2006-0300 | Buffer Overflow vulnerability in GNU Tar Invalid Headers | Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. | 5.1 |
2002-10-28 | CVE-2002-1216 | Remote Security vulnerability in tar | GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. | 5.0 |
2002-10-10 | CVE-2002-0399 | Unspecified vulnerability in GNU TAR 1.13.25 | Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267. | 5.0 |