Feep Libtar 1.2.20

CPE Details

Feep Libtar 1.2.20
feep
libtar
1.2.20
2013-10-18
14h46 +00:00
2013-10-25
14h38 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:feep:libtar:1.2.20:*:*:*:*:*:*:*

Informations

Vendor

feep

Product

libtar

Version

1.2.20

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-33643 2022-08-08 22h00 +00:00 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
9.1
Critique
CVE-2021-33644 2022-08-08 22h00 +00:00 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
8.1
Haute
CVE-2021-33645 2022-08-08 22h00 +00:00 The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
7.5
Haute
CVE-2021-33646 2022-08-08 22h00 +00:00 The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
7.5
Haute
CVE-2013-4420 2014-02-20 15h00 +00:00 Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.
5.8