Feep Libtar 1.2.15

CPE Details

Feep Libtar 1.2.15
1.2.15
2013-10-18
14h46 +00:00
2013-10-25
14h38 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:feep:libtar:1.2.15:*:*:*:*:*:*:*

Informations

Vendor

feep

Product

libtar

Version

1.2.15

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-33643 2022-08-08 22h00 +00:00 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
9.1
Critical
CVE-2021-33644 2022-08-08 22h00 +00:00 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
8.1
High
CVE-2021-33645 2022-08-08 22h00 +00:00 The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
7.5
High
CVE-2021-33646 2022-08-08 22h00 +00:00 The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
7.5
High
CVE-2013-4420 2014-02-20 15h00 +00:00 Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.
5.8
CVE-2013-4397 2013-10-17 21h00 +00:00 Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.
6.8