National Vulnerability Database

Search Results

Search Parameters:
  • CPE Product Version: cpe:/a:feep:libtar:1.2.18
There are 2 matching records.
Vuln ID Summary CVSS Severity

Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.

Published: February 20, 2014; 11:55:05 AM -05:00
    V2: 5.8 MEDIUM

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.

Published: October 17, 2013; 07:55:04 PM -04:00
    V2: 6.8 MEDIUM