Tar@* Security Vulnerabilities and Issues — Tar@* CVE List

Lucene search

GnuTar*

9 matches found

CVE•added 2018/12/26 6:29 p.m.•363 views

CVE-2018-20482

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system b...

4.7CVSS4.5AI score0.00012EPSS

CVE•added 2021/03/26 5:15 p.m.•316 views

CVE-2021-20193

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.

4.3CVSS5.2AI score0.001EPSS

CVE•added 2019/03/22 8:29 a.m.•276 views

CVE-2019-9923

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

7.5CVSS5.6AI score0.00466EPSS

CVE•added 2023/01/30 4:15 a.m.•186 views

CVE-2022-48303

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace ...

5.5CVSS5.6AI score0.00032EPSS

CVE•added 2007/09/05 1:17 a.m.•102 views

CVE-2007-4476

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

7.5CVSS7.5AI score0.11809EPSS

CVE•added 2004/09/01 4:0 a.m.•89 views

CVE-2001-1267

Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).

2.1CVSS6.5AI score0.00119EPSS

CVE•added 2010/03/15 1:28 p.m.•83 views

CVE-2010-0624

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was request...

6.8CVSS8.1AI score0.01858EPSS

CVE•added 2002/10/28 5:0 a.m.•43 views

CVE-2002-1216

GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.

5CVSS7.4AI score0.00751EPSS

CVE•added 2025/07/11 5:15 p.m.•17 views

CVE-2025-45582

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, speci...

4.1CVSS6.4AI score0.00023EPSS