QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4397

Published: Oct 17, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[libtar] 20131009 ANNOUNCE: libtar version 1.2.20

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_SECTRACK

https://source.android.com/security/bulletin/2018-01-01

x_refsource_CONFIRM

[oss-security] 20131010 Re: Integer overflow in libtar (<= 1.2.19)

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_BID

[oss-security] 20131010 Integer overflow in libtar (<= 1.2.19)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.