CVSS2: 6.8 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.061 Low
Percentile: 92.4%

The libtar package contains a C library for manipulating tar archives. The
library supports both the strict POSIX tar format and many of the commonly
used GNU extensions.

Two heap-based buffer overflow flaws were found in the way libtar handled
certain archives. If a user were tricked into expanding a specially-crafted
archive, it could cause the libtar executable or an application using
libtar to crash or, potentially, execute arbitrary code. (CVE-2013-4397)

Note: This issue only affected 32-bit builds of libtar.

Red Hat would like to thank Timo Warns for reporting this issue.

All libtar users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | libtar | < 1.2.11-17.el6_4.1 | libtar-1.2.11-17.el6_4.1.x86_64.rpm |
RedHat | 6 | ppc64 | libtar | < 1.2.11-17.el6_4.1 | libtar-1.2.11-17.el6_4.1.ppc64.rpm |
RedHat | 6 | i686 | libtar-devel | < 1.2.11-17.el6_4.1 | libtar-devel-1.2.11-17.el6_4.1.i686.rpm |
RedHat | 6 | s390x | libtar-debuginfo | < 1.2.11-17.el6_4.1 | libtar-debuginfo-1.2.11-17.el6_4.1.s390x.rpm |
RedHat | 6 | i686 | libtar-debuginfo | < 1.2.11-17.el6_4.1 | libtar-debuginfo-1.2.11-17.el6_4.1.i686.rpm |
RedHat | 6 | x86_64 | libtar-devel | < 1.2.11-17.el6_4.1 | libtar-devel-1.2.11-17.el6_4.1.x86_64.rpm |
RedHat | 6 | s390x | libtar | < 1.2.11-17.el6_4.1 | libtar-1.2.11-17.el6_4.1.s390x.rpm |
RedHat | 6 | s390 | libtar | < 1.2.11-17.el6_4.1 | libtar-1.2.11-17.el6_4.1.s390.rpm |
RedHat | 6 | i686 | libtar | < 1.2.11-17.el6_4.1 | libtar-1.2.11-17.el6_4.1.i686.rpm |
RedHat | 6 | ppc64 | libtar-debuginfo | < 1.2.11-17.el6_4.1 | libtar-debuginfo-1.2.11-17.el6_4.1.ppc64.rpm |