Denial of service while parsing a tar file due to lack of folders count validation

Description: During some analysis today on npm's node-tar package I came across the folder creation process, Basicly if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-thi...

GHSA-F5X3-32G6-XQ36 Denial of service while parsing a tar file due to lack of folders count validation

Description: During some analysis today on npm's node-tar package I came across the folder creation process, Basicly if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-thi...

CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

AZL-37136 CVE-2024-28863 affecting package reaper for versions less than 3.1.1-17

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

AZL-37115 CVE-2024-28863 affecting package nodejs for versions less than 20.14.0-1

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

DEBIAN-CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

UBUNTU-CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

CVE-2024-28863 node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

CVE-2024-28863

CVE-2024-28863 affects the npm package graph for Node.js via the node-tar library. The issue: node-tar prior to version 6.2.1 imposes no limit on the number of sub-folders created during folder extraction, enabling an attacker to produce a path with many sub-folders that can consume memory and cr...

CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

CVE-2024-28863 node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

CVE-2024-28863 node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

PT-2024-7914

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 6.2.1 Description The issue is related to an uncontrolled consumption of resources. An attacker can exploit this by generating a large number of sub-folders, consuming memory on the system running node-tar, and...

node-tar 安全漏洞

node-tar is a software package for file compression/decompression. A security vulnerability exists in node-tar versions prior to 6.2.1, which stems from an unrestricted number of subfolders created during folder creation, and can be exploited by an attacker to generate a large number of subfolder...

Rocky Linux 8 : nodejs:14 (RLSA-2022:0350)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0350 advisory. - This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

Ubuntu 16.04 ESM : node-tar vulnerability (USN-4777-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4777-1 advisory. It was discovered that node-tar mishandled certain tar archives. An attacker could use this vulnerability to write arbitrary files to the filesystem. Tenable has...

SUSE CVE-2021-32803

The npm package "tar" aka node-tar before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in...

SUSE CVE-2021-32804

The npm package "tar" aka node-tar before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when th...