21 matches found
CVE-2025-11232
To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty the default; and "ddns-qualifying-suffix" must NOT be empty the default is empty. DDNS...
SUSE CVE-2007-4476
Buffer overflow in the safernamesuffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."...
SUSE CVE-2016-2037
The cpiosafernamesuffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service out-of-bounds write via a crafted cpio file...
SUSE CVE-2016-6321
Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the filename parameter, aka POINTYFEATHER...
The vulnerability of the safer_name_suffix function in the GNU Tar archive manager allows a hacker to bypass the intended security measures and write data to arbitrary files.
The vulnerability of the safernamesuffix function in the GNU Tar archive manager exists due to an incorrect restriction on the pathname to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to bypass the intended security measures and write to arbitrary...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal. Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related...
ALPINE-CVE-2016-6321
Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the filename parameter, aka POINTYFEATHER...
UBUNTU-CVE-2016-6321
Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the filename parameter, aka POINTYFEATHER...
DEBIAN-CVE-2016-2037
The cpiosafernamesuffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service out-of-bounds write via a crafted cpio file...
UBUNTU-CVE-2016-2037
The cpiosafernamesuffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service out-of-bounds write via a crafted cpio file...
PT-2016-3297 · Gnu +3 · Gnu Tar +3
Name of the Vulnerable Software and Affected Versions: GNU tar versions 1.14 through 1.29 Description: The issue is related to a directory traversal vulnerability in the safer name suffix function. This vulnerability might allow remote attackers to bypass an intended protection mechanism and writ...
ALPINE-CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
UBUNTU-CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
tar/cpio stack crashing in safer_name_suffix
Buffer overflow in the safernamesuffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."...
tar/cpio stack crashing in safer_name_suffix
Buffer overflow in the safernamesuffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."...
cpio security update
2.6-23.1 - CVE-2010-0624 fix heap-based buffer overflow by expanding a specially-crafted archive - CVE-2007-4476 fix stack crashing in safernamesuffix...
FreeBSD : gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability (0809ce7d-f672-4924-9b3b-7c74bc279b83)
SecurityFocus reports : GNUs tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the alloca function. Successfully exploiting this issue allows attackers to crash the affected utilities and possibly to execute code but this has not been confirmed...
GNU TAR和CPIO safer_name_suffix远程拒绝服务漏洞
BUGTRAQ ID: 26445 CVECAN ID: CVE-2007-4476 GNU Tar和GNU Cpio都是流行的用于管理档案文件的程序。 tar和cpio使用的safernamesuffix函数使用alloca报告所要剥离的前缀字符串,而这个字符串的长度(也就是传送给alloca的大小)是受tarball所有者控制的。因此,只要字符串超长就可以触发栈溢出。由于alloca之后的memcpy调用,这个溢出只能导致崩溃 GNU cpio 2.6 GNU cpio 2.5 GNU cpio 2.4 GNU cpio 1.x GNU tar 1.16 GNU tar 1.15 G...
Cpio: Buffer overflow
Background GNU cpio copies files into or out of a cpio or tar archive. Description A buffer overflow vulnerability in the safernamesuffix function in GNU cpio has been discovered. Impact A remote attacker could entice a user to open a specially crafted archive file resulting in a stack-based buff...
Fedora 7 : tar-1.15.1-28.fc7 (2007-2673)
Wed Oct 24 2007 Radek Brich 2:1.15.1-28 - backported upstream patch for CVE-2007-4476 tar stack crashing in safernamesuffix - Tue Aug 28 2007 Radek Brich 2:1.15.1-27 - fixed CVE-2007-4131 tar directory traversal vulnerability 253684 Note that Tenable Network Security has extracted the preceding...