
Positive Technologies
added 2026/06/08 12:00 a.m. · 15 views

PT-2026-47332

Improper Handling of Highly Compressed Data Data Amplification vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decode_body/1 and Req.Steps.decompres...

CVSS 8.2 · AI score 5.5 · EPSS 0.00438
Exploits 0 · References 5
Positive Technologies
added 2026/06/01 12:00 a.m. · 11 views

PT-2026-45517

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...

CVSS 8.8 · AI score 6 · EPSS 0.00318
Exploits 0 · References 5
Microsoft CVE
added 2026/04/11 8:06 a.m. · 6 views

Unbounded allocation for old GNU sparse in archive/tar

...

CVSS 5.5 · AI score 5.7 · EPSS 0.0029
Exploits 0
AlmaLinux
added 2026/03/19 12:00 a.m. · 14 views

Important: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

CVSS 7.5 · AI score 5.8 · EPSS 0.00693
Exploits 0 · References 4
Snyk
added 2026/01/20 1:45 a.m. · 5 views

Improper Handling of Unicode Encoding

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in Path Reservations via Unicode Sharp-S ß Collisions on macOS APFS. An attacker can overwrite arbitrary files by exploiting Unicode normalization collisions ...

CVSS 8.8 · AI score 5.8 · EPSS 0.00153
Exploits 1 · References 3
OSV
added 2025/11/25 10:03 p.m. · 3 views

JLSEC-2025-244 Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar i...

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at archive_read_support_format_tar.c:1844:8...

CVSS 7.5 · AI score 7.5 · EPSS 0.00445
Exploits 1 · References 3
OSV
added 2025/10/04 12:11 a.m. · 3 views

RLSA-2025:9431 Moderate: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

CVSS 4 · AI score 4.5 · EPSS 0.00329
Exploits 1 · References 2
OSV
added 2025/10/03 7:56 p.m. · 5 views

RLSA-2025:9420 Moderate: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

CVSS 4 · AI score 4.6 · EPSS 0.00329
Exploits 1 · References 2
Microsoft CVE
added 2025/09/04 6:25 a.m. · 4 views

Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c

...

CVSS 5 · AI score 7 · EPSS 0.00161
Exploits 0
BDU FSTEC
added 2025/05/05 12:00 a.m. · 5 views

The vulnerability of the header_gnu_longlink function in the archive_read_support_format_tar.c file of the Libarchive library allows an attacker to cause a service failure.

The vulnerability of the header_gnu_longlink function in the archive_read_support_format_tar.c file of the Libarchive library is related to the execution of operations outside of the buffer. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 4 · AI score 5.6 · EPSS 0.00233
Exploits 0 · References 5 · Affected Software 2
SUSE CVE
added 2025/04/01 1:44 a.m. · 3 views

SUSE CVE-2024-48615

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at archive_read_support_format_tar.c:1844:8...

CVSS 7.5 · AI score 7 · EPSS 0.00445
Exploits 1 · References 3
OSV
added 2025/03/21 1:18 p.m. · 3 views

OESA-2025-1313 libarchive security update

Libarchive is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use libarchive. Security...

CVSS 7.8 · AI score 7.1 · EPSS 0.00329
Exploits 1 · References 2
RedHat Linux
added 2023/10/10 3:48 p.m. · 5 views

tar: heap buffer overflow at from_header() in list.c via specially crafted checksum

A flaw was found in the Tar package. When attempting to read files with old V7 tar format with a specially crafted checksum, an invalid memory read may occur. An attacker could possibly use this issue to expose sensitive information or cause a crash...

CVSS 5.5 · AI score 7.3 · EPSS 0.04524
Exploits 1 · References 5
OSV
added 2023/08/01 5:00 p.m. · 21 views

GHSA-5R98-F33J-G8H7 pnpm incorrectly parses tar archives relative to specification

Summary It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. Details The TAR format is an append-only archive format, and as such, the specification for how to update a...

CVSS 7.5 · AI score 8.5 · EPSS 0.00933
Exploits 1 · References 5
Github Security Blog
added 2023/08/01 5:00 p.m. · 30 views

pnpm incorrectly parses tar archives relative to specification

Summary It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. Details The TAR format is an append-only archive format, and as such, the specification for how to update a...

CVSS 9.8 · AI score 6.9 · EPSS 0.00933
Exploits 1 · References 5 · Affected Software 9
SUSE CVE
added 2023/02/15 5:10 a.m. · 4 views

SUSE CVE-2015-8933

Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service crash via a crafted tar file...

CVSS 5.5 · AI score 8.8 · EPSS 0.02028
Exploits 1 · References 5
Hacker One
added 2019/05/22 2:27 p.m. · 48 views

GitLab: Local files could be overwritten in GitLab, leading to remote command execution

Summary Arbitrary file overwrite A new feature download a directory of a repository in GitLab 11.11 introduced some changes in ./internal/service/repository/archive.go of Gitaly. func handleArchive(ctx context.Context, writer io.Writer, in gitalypb.GetArchiveRequest, compressCmd exec.Cmd, forma...

AI score 8
Exploits 0
OSV
added 2017/07/13 5:06 p.m. · 3 views

USN-3351-1 evince vulnerability

Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book cbt files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files i...

CVSS 7.8 · AI score 7 · EPSS 0.50076
Exploits 9 · References 2
Cisco
added 2016/12/07 4:00 p.m. · 30 views

Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. The vulnerability is due to improper filtering of certain TAR...

CVSS 5 · AI score 4.7 · EPSS 0.01556
Exploits 0 · References 1
Positive Technologies
added 2015/12/31 12:00 a.m. · 3 views

PT-2015-7837 · Libarchive +5

Name of the Vulnerable Software and Affected Versions: libarchive versions prior to 3.2.0 Description: The issue allows remote attackers to cause a denial of service out-of-bounds read via a crafted tar file. This is due to a problem in the archive_read_format_tar_read_header function in archive...

CVSS 8.8 · AI score 6.7 · EPSS 0.11992
Exploits 20 · References 192