17 matches found
CVE-2026-53218
A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs in the nftexthdr module when handling user-controlled data lengths with a specific flag, NFTEXTHDRFPRESENT, enabled. An attacker could exploit this by providing a crafted input, leading to the exposure of...
DEBIAN-CVE-2026-53655
node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...
node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)
Summary tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extended header x describes the next file entry, not the...
Interpretation Conflict
Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of PAX extended header size overrides in intermediary metadata headers. An attacker can cause inconsistent archive parsing results...
PT-2026-49577
Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.16 Description An interpretation differential exists in how the software parses tar archives. The issue occurs because the library applies a PAX extended header's size= record and other PAX overrides to the next...
CLSA-2026-1778820779 tar: Fix of CVE-2023-39804
CVE-2023-39804: fix crash on PAX archive with malformed extended header attributes in locatehandler and xattrdecoder...
CLSA-2026-1778828497 tar: Fix of CVE-2023-39804
CVE-2023-39804: fix crash on PAX archive with malformed extended header attributes in locatehandler and xattrdecoder...
CLSA-2024-1710436683 Fix CVE(s): CVE-2023-39804
SECURITY UPDATE: denial of service attack - debian/patches/CVE-2023-39804.patch: Fix handling of extended header prefixes. - CVE-2023-39804...
CLSA-2024-1706026767 Fix CVE(s): CVE-2023-39804
SECURITY UPDATE: denial of service attack - debian/patches/CVE-2023-39804.patch: Fix handling of extended header prefixes. - CVE-2023-39804.patch...
SUSE CVE-2015-8919
The lhareadfileextendedheader function in archivereadsupportformatlha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service out-of-bounds heap via a crafted 1 lzh or 2 lha file...
Open5GS 安全漏洞
Open5GS is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a denial of service vulnerability that stems from insufficient validation of the extended header length, which can be exploited by an attacker to cause a denial of servic...
Siemens Nucleus 安全漏洞
The Nucleus NET module includes a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device.Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for...
Digital Error Vulnerability in Multiple Qualcomm Products
A Qualcomm chip is a chip from Qualcomm Incorporated USA. It is a way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc. and is often fabricated on the surface of semiconductor wafers. A numeric error vulnerability exists in several Qualcomm products, which...
Lhaca LHZ Archive Extended Header Size Processing Buffer Overflow Vulnerability
Overview Lhaca does not process an LHZ archive with an invalid Extended Header Size properly, which could lead to buffer overflow. This problem is reported to be different from the issue identified in JVNDB-2007-000492 CVE-2007-3375. Impact An attacker could execute arbitrary code. Solution Pleas...
Lhaca LZH文档畸形Extended Header Size值栈缓冲区溢出漏洞
Lhaca是一款由日本开发的免费文档压缩解压工具。 Lhaca在处理畸形的LHA文档时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞通过诱使用户处理恶意文件控制用户机器。 Lhaca没有充分地验证从LHA文件读取的Extended Header Size值便将其拷贝到了Extended Header Data字节数的栈缓冲区,如果Extended Header Size值大于255的话就可能触发缓冲区溢出,导致执行任意指令;此外由于没有正确地使用strncpy还可能导致进一步覆盖该缓冲区。有漏洞的函数如下: function40D974FILE fp, char outbuffer cha...
Stack overflow
Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375...
CVE-2006-4438
Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name...