Lucene search
K

21 matches found

AlpineLinux
AlpineLinux
added 2025/10/29 6:2 p.m.3 views

CVE-2025-11232

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty the default; and "ddns-qualifying-suffix" must NOT be empty the default is empty. DDNS...

7.5CVSS7AI score0.00387EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.5 views

SUSE CVE-2007-4476

Buffer overflow in the safernamesuffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."...

7.5CVSS7.3AI score0.14902EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.2 views

SUSE CVE-2016-2037

The cpiosafernamesuffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service out-of-bounds write via a crafted cpio file...

4.3CVSS6.2AI score0.05484EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2023/02/15 4:59 a.m.3 views

SUSE CVE-2016-6321

Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the filename parameter, aka POINTYFEATHER...

7.5CVSS7.2AI score0.15155EPSS
Exploits3References6
BDU FSTEC
BDU FSTEC
added 2019/10/29 12:0 a.m.7 views

The vulnerability of the safer_name_suffix function in the GNU Tar archive manager allows a hacker to bypass the intended security measures and write data to arbitrary files.

The vulnerability of the safernamesuffix function in the GNU Tar archive manager exists due to an incorrect restriction on the pathname to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to bypass the intended security measures and write to arbitrary...

7.8CVSS5.6AI score0.15155EPSS
Exploits3References4Affected Software1
Snyk
Snyk
added 2016/12/09 10:59 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal. Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related...

7.5CVSS7.2AI score0.15155EPSS
Exploits3References2
OSV
OSV
added 2016/12/09 10:59 p.m.4 views

ALPINE-CVE-2016-6321

Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the filename parameter, aka POINTYFEATHER...

7.5CVSS7.2AI score0.15155EPSS
Exploits3References1
OSV
OSV
added 2016/10/28 12:0 a.m.6 views

UBUNTU-CVE-2016-6321

Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the filename parameter, aka POINTYFEATHER...

7.5CVSS7.3AI score0.15155EPSS
Exploits3References4
OSV
OSV
added 2016/02/22 3:59 p.m.2 views

DEBIAN-CVE-2016-2037

The cpiosafernamesuffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service out-of-bounds write via a crafted cpio file...

6.5CVSS8.6AI score0.05484EPSS
Exploits0References1
OSV
OSV
added 2016/01/22 12:0 a.m.3 views

UBUNTU-CVE-2016-2037

The cpiosafernamesuffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service out-of-bounds write via a crafted cpio file...

6.5CVSS6.8AI score0.05484EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2015/10/09 12:0 a.m.4 views

PT-2016-3297 · Gnu +3 · Gnu Tar +3

Name of the Vulnerable Software and Affected Versions: GNU tar versions 1.14 through 1.29 Description: The issue is related to a directory traversal vulnerability in the safer name suffix function. This vulnerability might allow remote attackers to bypass an intended protection mechanism and writ...

7.8CVSS7.7AI score0.15155EPSS
Exploits5References50
OSV
OSV
added 2013/11/23 6:55 p.m.5 views

ALPINE-CVE-2013-4407

HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...

6.8CVSS6.8AI score0.02877EPSS
Exploits0References1
OSV
OSV
added 2013/11/23 6:55 p.m.3 views

UBUNTU-CVE-2013-4407

HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...

6.8CVSS5.8AI score0.02877EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2010/03/16 12:47 a.m.9 views

tar/cpio stack crashing in safer_name_suffix

Buffer overflow in the safernamesuffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."...

7.5CVSS7.2AI score0.14902EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2010/03/15 11:45 p.m.9 views

tar/cpio stack crashing in safer_name_suffix

Buffer overflow in the safernamesuffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."...

7.5CVSS7.2AI score0.14902EPSS
Exploits2References4
Oracle linux
Oracle linux
added 2010/03/15 12:0 a.m.49 views

cpio security update

2.6-23.1 - CVE-2010-0624 fix heap-based buffer overflow by expanding a specially-crafted archive - CVE-2007-4476 fix stack crashing in safernamesuffix...

7.5CVSS3AI score0.14902EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2009/01/19 12:0 a.m.56 views

FreeBSD : gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability (0809ce7d-f672-4924-9b3b-7c74bc279b83)

SecurityFocus reports : GNUs tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the alloca function. Successfully exploiting this issue allows attackers to crash the affected utilities and possibly to execute code but this has not been confirmed...

7.5CVSS7.5AI score0.14902EPSS
Exploits2References3
seebug.org
seebug.org
added 2007/11/17 12:0 a.m.44 views

GNU TAR和CPIO safer_name_suffix远程拒绝服务漏洞

BUGTRAQ ID: 26445 CVECAN ID: CVE-2007-4476 GNU Tar和GNU Cpio都是流行的用于管理档案文件的程序。 tar和cpio使用的safernamesuffix函数使用alloca报告所要剥离的前缀字符串,而这个字符串的长度(也就是传送给alloca的大小)是受tarball所有者控制的。因此,只要字符串超长就可以触发栈溢出。由于alloca之后的memcpy调用,这个溢出只能导致崩溃 GNU cpio 2.6 GNU cpio 2.5 GNU cpio 2.4 GNU cpio 1.x GNU tar 1.16 GNU tar 1.15 G...

7.5CVSS7.5AI score0.14902EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2007/11/14 12:0 a.m.45 views

Cpio: Buffer overflow

Background GNU cpio copies files into or out of a cpio or tar archive. Description A buffer overflow vulnerability in the safernamesuffix function in GNU cpio has been discovered. Impact A remote attacker could entice a user to open a specially crafted archive file resulting in a stack-based buff...

7.5CVSS8.1AI score0.14902EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2007/11/06 12:0 a.m.38 views

Fedora 7 : tar-1.15.1-28.fc7 (2007-2673)

Wed Oct 24 2007 Radek Brich 2:1.15.1-28 - backported upstream patch for CVE-2007-4476 tar stack crashing in safernamesuffix - Tue Aug 28 2007 Radek Brich 2:1.15.1-27 - fixed CVE-2007-4131 tar directory traversal vulnerability 253684 Note that Tenable Network Security has extracted the preceding...

7.5CVSS7.2AI score0.14902EPSS
Exploits3References4
Rows per page
Query Builder