Information on source package tar

Available versions

Bug	jessie	stretch	buster	bullseye	bookworm	trixie	sid	Description
CVE-2023-39804	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	fixed	fixed	fixed	In GNU tar before 1.35, mishandled extension attributes in a PAX archi ...

Bug	jessie	stretch	buster	bullseye	bookworm	trixie	sid	Description
TEMP-0290435-0B57B5	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	tar's rmt command may have undesired side effects
CVE-2022-48303	vulnerable	vulnerable	vulnerable	fixed	fixed	fixed	fixed	GNU Tar through 1.34 has a one-byte out-of-bounds read that results in ...
CVE-2021-20193	vulnerable	vulnerable	vulnerable	fixed	fixed	fixed	fixed	A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw ...
CVE-2019-9923	vulnerable	vulnerable	vulnerable	fixed	fixed	fixed	fixed	pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointe ...
CVE-2005-2541	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Tar 1.15.1 does not properly warn the user when extracting setuid or s ...

Bug	Description
CVE-2018-20482	GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...
CVE-2016-6321	Directory traversal vulnerability in the safer_name_suffix function in ...
CVE-2010-0624	Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib. ...
CVE-2007-4476	Buffer overflow in the safer_name_suffix function in GNU tar has unspe ...
CVE-2007-4131	Directory traversal vulnerability in the contains_dot_dot function in ...
CVE-2006-6097	GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assi ...
CVE-2006-0300	Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attac ...
CVE-2005-1918	The original patch for a GNU tar directory traversal vulnerability (CV ...
CVE-2002-1216	GNU tar 1.13.19 and other versions before 1.13.25 allows remote attack ...