pkg:Debian/tar
23 total CVEs: HIGH 4, MEDIUM 7, LOW 1
All known vulnerabilities
- HIGH 7.5, CVE-2019-9923: pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed exten… (from 0, < 1.32+dfsg-1)
- from 0, < 1.29b-1.1
- from 0, < 1.26+dfsg-0.1+deb7u1
- from 0, < 1.27.1-2+deb8u1
- from 0, < 1.30+dfsg-6+deb10u1
- from 0, < 1.34+dfsg-1+deb11u1
- from 0
- MEDIUM 5.5, CVE-2022-48303: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. (from 0, < 1.34+dfsg-1+deb11u1)
- from 0, < 1.27.1-2+deb8u2
- from 0, < 1.30+dfsg-3.1
- from 0, < 1.29b-1.1+deb9u1
- from 0, < 1.34+dfsg-1
- —, CVE-2010-0624: Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio… (from 0, < 1.23-1)
- from 0, < 1.18-1
- from 0, < 1.16-2etch1
- from 0, < 1.18-2
- from 0, < 1.14-2.3
- from 0, < 1.16-2
- from 0, < 1.15.1-3
- from 0, < 1.14-2.1
- —, CVE-2005-1918: The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect… (from 0, < 1.14-2.2)
- —, CVE-2005-2541: Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain… (from 0)
- —, CVE-2002-1216: GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result… (from 0, < 1.13.25)