Shodan
Vulnerabilities
Vulnerable Software
Gnu:  >> Tar  >> 1.11.1  Security Vulnerabilities
CVE-2022-48303
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-01-30
CVE-2021-20193
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
CVSS Score
3.3
EPSS Score
0.001
Published
2021-03-26
CVE-2019-9923
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-03-22
CVE-2018-20482
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).
CVSS Score
4.7
EPSS Score
0.0
Published
2018-12-26
CVE-2010-0624
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
CVSS Score
6.8
EPSS Score
0.019
Published
2010-03-15
CVE-2007-4476
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
CVSS Score
7.5
EPSS Score
0.118
Published
2007-09-05
CVE-2002-1216
GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.
CVSS Score
5.0
EPSS Score
0.008
Published
2002-10-28
CVE-2001-1267
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
CVSS Score
2.1
EPSS Score
0.001
Published
2001-07-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved