Vulnerability Details CVE-2016-6321

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.068
EPSS Ranking 90.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2016-6321
  • Gnu » Tar » Version: 1.14
    cpe:2.3:a:gnu:tar:1.14
  • Gnu » Tar » Version: 1.15
    cpe:2.3:a:gnu:tar:1.15
  • Gnu » Tar » Version: 1.15.1
    cpe:2.3:a:gnu:tar:1.15.1
  • Gnu » Tar » Version: 1.15.90
    cpe:2.3:a:gnu:tar:1.15.90
  • Gnu » Tar » Version: 1.15.91
    cpe:2.3:a:gnu:tar:1.15.91
  • Gnu » Tar » Version: 1.16
    cpe:2.3:a:gnu:tar:1.16
  • Gnu » Tar » Version: 1.16.1
    cpe:2.3:a:gnu:tar:1.16.1
  • Gnu » Tar » Version: 1.17
    cpe:2.3:a:gnu:tar:1.17
  • Gnu » Tar » Version: 1.18
    cpe:2.3:a:gnu:tar:1.18
  • Gnu » Tar » Version: 1.19
    cpe:2.3:a:gnu:tar:1.19
  • Gnu » Tar » Version: 1.20
    cpe:2.3:a:gnu:tar:1.20
  • Gnu » Tar » Version: 1.21
    cpe:2.3:a:gnu:tar:1.21
  • Gnu » Tar » Version: 1.22
    cpe:2.3:a:gnu:tar:1.22
  • Gnu » Tar » Version: 1.23
    cpe:2.3:a:gnu:tar:1.23
  • Gnu » Tar » Version: 1.24
    cpe:2.3:a:gnu:tar:1.24
  • Gnu » Tar » Version: 1.25
    cpe:2.3:a:gnu:tar:1.25
  • Gnu » Tar » Version: 1.26
    cpe:2.3:a:gnu:tar:1.26
  • Gnu » Tar » Version: 1.27
    cpe:2.3:a:gnu:tar:1.27
  • Gnu » Tar » Version: 1.27.1
    cpe:2.3:a:gnu:tar:1.27.1
  • Gnu » Tar » Version: 1.28
    cpe:2.3:a:gnu:tar:1.28
  • Gnu » Tar » Version: 1.29
    cpe:2.3:a:gnu:tar:1.29

