Astra Linux - уязвимость в tar

In the sparse.c file of GNU Tar, before version 1.32, there was a NULL pointer dereferencing issue when parsing certain archives that contained malformed extended headers...

Astra Linux - уязвимость в tar

The vulnerability of the extractfile function in the GNU Tar archive viewer is related to reading data beyond the buffer’s allowed limits. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

JLSEC-2026-184

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximately 11 whitespace...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-1240)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a respon...

TencentOS Server 4: tar (TSSA-2026:0104)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0104 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

RHEL 8 : osbuild-composer (RHSA-2026:0973)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0973 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...

K000159077: GNU Tar vulnerability CVE-2019-9923

Security Advisory Description paxdecodeheader in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. CVE-2019-9923 There is no impact; F5 products are not affected by this vulnerability. Note : F5 previously reported...

OESA-2026-1096 tar security update

GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.35...

OESA-2026-1095 tar security update

GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.35...

OESA-2026-1091 tar security update

GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.35...

MiracleLinux 3 : tar-1.15.1-23.0.1.AXS3.2 (AXSA:2010-148:01)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2010-148:01 advisory. The GNU tar program saves many files together in one archive and can restore individual files or all of the files from that archive. Tar can also be...

RHEL 9 : tar (RHSA-2026:0434)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0434 advisory. The GNU tar program can save multiple files in an archive and restore files from an archive. Security Fixes: tar: Tar path traversal CVE-2025-45582 F...

RHEL 9 : skopeo (RHSA-2026:0477)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0477 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify file...

tar: Tar path traversal

A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ ‘-k’, the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to...

tar: Tar path traversal

A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ ‘-k’, the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to...

Amazon Linux 2 : amazon-ssm-agent, --advisory ALAS2-2025-3121 (ALAS-2025-3121)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.3572.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3121 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy...

Important: amazon-ssm-agent

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...