Feep Libtar

Do you want an email whenever new security vulnerabilities are reported in Feep Libtar?

By the Year

In 2024 there have been 0 vulnerabilities in Feep Libtar . Libtar did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	0	0.00
2022	4	8.05
2021	0	0.00
2020	0	0.00
2019	0	0.00
2018	0	0.00

It may take a day or so for new Libtar vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Feep Libtar Security Vulnerabilities

The th_read() function doesnt free a variable t->th_buf.gnu_longname after allocating memory

CVE-2021-33646 7.5 - High - August 10, 2022

The th_read() function doesnt free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.

Memory Leak

The th_read() function doesnt free a variable t->th_buf.gnu_longlink after allocating memory

CVE-2021-33645 7.5 - High - August 10, 2022

The th_read() function doesnt free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.

Memory Leak

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname

CVE-2021-33644 8.1 - High - August 10, 2022

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

Out-of-bounds Read

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink

CVE-2021-33643 9.1 - Critical - August 10, 2022

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

Out-of-bounds Read

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20

CVE-2013-4397 - October 17, 2013

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.

Numeric Errors

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Feep Libtar or by Feep? Click the Watch button to subscribe.

Feep
Vendor

Feep Libtar
Product

Feep Libtar

By the Year

Recent Feep Libtar Security Vulnerabilities

The th_read() function doesnt free a variable t->th_buf.gnu_longname after allocating memory CVE-2021-33646 7.5 - High - August 10, 2022

The th_read() function doesnt free a variable t->th_buf.gnu_longlink after allocating memory CVE-2021-33645 7.5 - High - August 10, 2022

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname CVE-2021-33644 8.1 - High - August 10, 2022

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink CVE-2021-33643 9.1 - Critical - August 10, 2022

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 CVE-2013-4397 - October 17, 2013