Vulnerabilities for 'Libtar'

2014-02-20
 
CVE-2013-4420

CWE-22
 

 
Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.

 
2013-10-17
 
CVE-2013-4397

CWE-189
 

 
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.

 


Copyright 2024, cxsecurity.com

 
