CVE-2026-32766
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...
Insufficient validation of PAX extensions during extraction
In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by silently skipping a malform...
BIT-PYTHON-MIN-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...
BIT-LIBPYTHON-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...
CVE-2025-13462
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...
CVE-2002-2164
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long link...
libarchive security vulnerability
libarchive is a multi-format archive and compression library open-sourced by libarchive. A security vulnerability exists in libarchive 3.7.7 and earlier versions, which stems from a heap-based buffer over-read due to incorrect handling of truncation in the middle of GNU long link names...
firefox: thunderbird: Origin of permission prompt could be spoofed by long URL
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Truncation of a long URL could have allowed origin spoofing in a permission prompt...
UBUNTU-CVE-2024-10462
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
SUSE CVE-2019-9675
An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue...
Mozilla Firefox input validation error vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an input validation error vulnerability that originates from insufficient validation of URLs, which can be exploited by an attacker to trick a victim into clicking on a ver...
AZL-37054 CVE-2019-17414 affecting package vino 3.22.0-20
tinylcy Vino through 2017-12-15 allows remote attackers to cause a denial of service ("vn_get_string error: Resource temporarily unavailable" error and daemon crash) via a long URL...
CVE-2019-9675
Removed by vendor...
CVE-2019-9675
An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue...
php: buffer overflow in handling of long link names in tar phar archives
Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive...
Safari for windows Long link DoS
Exploit for windows platform in category dos / poc. Safari for windows Long link DoS. Vendor URL: http://www.apple.com/safari/...
Safari Long Link Denial Of Service
Safari for windows Long link DoS. Vendor URL: http://www.apple.com/safari/ Advisory: http://lostmon.blogspot.com/2010/08/safari-for-windows-long-link-dos.html Vendor notified: Yes. Exploit available: YES. Safari is vulnerable to DoS with a very long link... This issue is exploitable via web links...
Embedthis Appweb 3.0b.2-4 - Remote Buffer Overflow (PoC)
Embedthis Appweb 3.0b.2-4 - Remote Buffer Overflow PoC / Embedthis Appweb Remote Stack Buffer Overflow PoC. Embedthis Appweb Debugging Info. ASM INSTRUCTIONS: 100076CD 8B0A MOV ECX,DWORD PTR DS:EDX 100076CF 8B50 10 MOV EDX,DWORD PTR DS:EAX+10 100076D2...