Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tar
(Gnu)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-02-23 | CVE-2006-0300 | Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. | Tar | N/A | ||
| 2005-12-31 | CVE-2005-1918 | The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | Tar, Enterprise_linux, Enterprise_linux_desktop, Linux_advanced_workstation | N/A | ||
| 2002-10-28 | CVE-2002-1216 | GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. | Tar | N/A | ||
| 2002-10-10 | CVE-2002-0399 | Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267. | Tar | N/A | ||
| 2001-07-12 | CVE-2001-1267 | Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot). | Tar | N/A |