
21 matches found

Tenable Nessus
added 2026/03/05 12:0 a.m. | 4 views

TencentOS Server 4: tar (TSSA-2026:0104)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0104 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 4.1 | AI score 6 | EPSS 0.0013
Exploits: 1 | References: 2

Tenable Nessus
added 2025/11/13 12:0 a.m. | 3 views

Siemens SIMATIC S7-1500 Loop with Unreachable Exit Condition (CVE-2018-20482)

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process e.g., a system back...

CVSS 4.7 | AI score 6.7 | EPSS 0.0002
Exploits: 1 | References: 4

OSV
added 2025/11/03 3:23 p.m. | 2 views

JLSEC-2025-197 GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a c...

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...

CVSS 4.1 | AI score 6.9 | EPSS 0.0013
Exploits: 1 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2005-1920

Malware in sbrugna...

CVSS 2.6 | AI score 7.4 | EPSS 0.02059
Exploits: 0 | References: 16

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2002-0396

Malware in sbrugna...

CVSS 5 | AI score 7.4 | EPSS 0.01203
Exploits: 0 | References: 23

Tenable Nessus
added 2025/09/02 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-39804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVE-2023-39804 Note that Nessus relies o...

CVSS 6.2 | AI score 6.2 | EPSS 0.00036
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-45582

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an...

CVSS 4.1 | AI score 6.8 | EPSS 0.0013
Exploits: 1 | References: 3

RedhatCVE
added 2025/07/13 12:39 a.m. | 7 views

CVE-2025-45582

A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ ‘-k’, the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to...

CVSS 5.6 | AI score 6.2 | EPSS 0.0013
Exploits: 1 | References: 6

NVD
added 2025/07/11 5:15 p.m. | 2 views

CVE-2025-45582

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...

CVSS 4.1 | EPSS 0.0013
Exploits: 1 | References: 6

Positive Technologies
added 2025/07/11 12:0 a.m. | 1 views

PT-2025-29264

Name of the Vulnerable Software and Affected Versions: GNU Tar versions through 1.35 Description: GNU Tar through version 1.35 is susceptible to a directory traversal vulnerability that allows for file overwrites within crafted TAR archives. The vulnerability requires a two-step process: first,...

CVSS 4.1 | AI score 6.6 | EPSS 0.0013
Exploits: 1 | References: 64

RedhatCVE
added 2025/05/21 6:7 p.m. | 5 views

CVE-1999-0202

The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands...

CVSS 7.5 | AI score 7.5 | EPSS 0.00639
Exploits: 0 | References: 1

OSV
added 2023/01/30 4:15 a.m. | 2 views

DEBIAN-CVE-2022-48303

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace...

CVSS 5.5 | AI score 6.5 | EPSS 0.00047
Exploits: 1 | References: 1

CNVD
added 2021/03/31 12:0 a.m. | 8 views

GNU tar denial of service vulnerability (CNVD-2021-24265)

GNU Tar is a set of tools from the GNU community for creating files in tar format. A security vulnerability exists in tar 1.33 and earlier versions, which can be exploited by an attacker to submit a crafted input file to tar, resulting in uncontrolled memory consumption...

CVSS 4.3 | AI score 6.5 | EPSS 0.00069
Exploits: 0 | References: 1

OSV
added 2019/01/11 9:7 p.m. | 12 views

MGASA-2019-0034 GNU tar has been updated to fix CVE-2018-20482

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process e.g., a system back...

CVSS 4.7 | AI score 4.6 | EPSS 0.0002
Exploits: 1 | References: 3

CNVD
added 2018/12/27 12:0 a.m. | 1 views

GNU tar Denial of Service Vulnerability

GNU Tar is a set of tools developed by the GNU Project for creating files in tar format. A security vulnerability exists in GNU Tar versions 1.30 and earlier, which stems from the program's failure to properly handle file shrinking. A local attacker can exploit this vulnerability by modifying the...

CVSS 4.7 | AI score 6.8 | EPSS 0.0002
Exploits: 1 | References: 1

OSV
added 2006/11/24 6:7 p.m. | 8 views

CVE-2006-6097

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in...

AI score 6.3
Exploits: 0 | References: 43

OSV
added 2005/12/31 5:0 a.m. | 5 views

CVE-2005-1918

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/"...

AI score 6.3
Exploits: 0 | References: 16

Debian CVE
added 2002/10/21 4:0 a.m. | 34 views

CVE-2002-1216

GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check...

CVSS 5 | AI score 5.9 | EPSS 0.00669
Exploits: 0

NVD
added 2002/10/10 4:0 a.m. | 32 views

CVE-2002-0399

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267...

CVSS 5 | AI score 6.7 | EPSS 0.01203
Exploits: 0 | References: 18

Cvelist
added 2002/10/01 4:0 a.m. | 36 views

CVE-2002-0399

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267...

AI score 6.7 | EPSS 0.01203
Exploits: 0 | References: 18