CVE-2013-4397: Heap-based Buffer Overflow in Libtar

Severity: 6.8 MEDIUM (NVD)
EPSS: 4.3% (top 11.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 17; Latest update May 14

Description

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.
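The mechanism behind the description, as an added illustration that is not libtar's code and not part of the cvebase entry: a GNU long-name or long-link entry stores the name's byte length in the header's octal size field, which the archive author controls. The reader turns that length into a count of 512-byte blocks and an allocation size; if that arithmetic is unchecked, a crafted size can wrap the allocation to a small number while the read loop still copies the full block count, which is the heap overflow. The C below shows the wrapping computation next to a checked version and a small in-memory reader. The helper names, the 64 KiB cap (MAX_LONGNAME_BYTES), the sample sizes and the sample block are all assumptions constructed for the example.

```c
/* Added example for CVE-2013-4397 (illustrative, not libtar's code).
 * The size of a GNU long-name / long-link entry is read from the tar
 * header, so the archive author controls it. Turning that size into an
 * allocation with unchecked integer arithmetic lets the byte count wrap,
 * so the reader allocates a small buffer and then copies the full block
 * count into it. Helper names and the 64 KiB cap are assumptions. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define T_BLOCKSIZE 512                 /* tar block size */
#define MAX_LONGNAME_BYTES (64 * 1024)  /* assumed policy cap for a path */

/* Parse an 11-digit octal tar size field (NUL- or space-terminated). */
static int64_t parse_octal_size(const char *field, size_t len)
{
    int64_t v = 0;
    for (size_t i = 0; i < len && field[i] != '\0' && field[i] != ' '; i++) {
        if (field[i] < '0' || field[i] > '7')
            return -1;                   /* not an octal digit */
        if (v > (INT64_MAX - 7) / 8)
            return -1;                   /* value would not fit */
        v = v * 8 + (field[i] - '0');
    }
    return v;
}

/* Vulnerable pattern: block count and byte count kept in 32-bit integers
 * with no overflow check. A size of 4 GiB gives 8388608 blocks, and
 * 8388608 * 512 wraps to 0: the reader would malloc(0) and then write
 * 8388608 blocks of attacker data into that allocation. */
uint32_t naive_alloc_bytes(int64_t sz)
{
    uint32_t blocks = (uint32_t)(sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
    return blocks * (uint32_t)T_BLOCKSIZE;   /* wraps mod 2^32 */
}

/* Hardened: reject negative sizes, make sure the multiplication cannot
 * wrap in size_t, and cap the name length before calling the allocator. */
int checked_alloc_bytes(int64_t sz, size_t *out)
{
    if (sz < 0) { errno = EINVAL; return -1; }
    uint64_t blocks = ((uint64_t)sz + T_BLOCKSIZE - 1) / T_BLOCKSIZE;
    if (blocks > SIZE_MAX / T_BLOCKSIZE) { errno = EOVERFLOW; return -1; }
    if (blocks * T_BLOCKSIZE > MAX_LONGNAME_BYTES) { errno = E2BIG; return -1; }
    *out = (size_t)(blocks * T_BLOCKSIZE);
    return 0;
}

/* Read a long-name extension: the header's size field plus the data blocks
 * that follow (an in-memory buffer stands in for the archive stream).
 * Returns a malloc'd NUL-terminated name, or NULL with errno set. */
char *read_gnu_longname(const char *size_field, const unsigned char *data,
                        size_t data_len)
{
    int64_t sz = parse_octal_size(size_field, 11);
    size_t bytes;
    if (sz < 0) { errno = EINVAL; return NULL; }
    if (checked_alloc_bytes(sz, &bytes) != 0)
        return NULL;
    if (data_len < bytes) { errno = EINVAL; return NULL; }  /* archive truncated */
    char *name = malloc(bytes + 1);
    if (name == NULL)
        return NULL;
    memcpy(name, data, bytes);
    name[bytes] = '\0';           /* always terminated, whatever the data held */
    return name;
}

int main(void)
{
    /* Constructed sample: one data block holding the path "lib/block.c". */
    static const unsigned char block[T_BLOCKSIZE] = "lib/block.c";
    size_t n = 0;

    printf("naive   11 B  -> %u bytes\n", naive_alloc_bytes(11));
    printf("naive   4 GiB -> %u bytes (wrapped)\n", naive_alloc_bytes(4294967296LL));
    int rc = checked_alloc_bytes(4294967296LL, &n);
    printf("checked 4 GiB -> %d (%s)\n", rc, rc ? strerror(errno) : "ok");

    char *name = read_gnu_longname("00000000013", block, sizeof block); /* 013 octal = 11 */
    printf("long name: %s\n", name ? name : "(rejected)");
    free(name);

    name = read_gnu_longname("40000000000", block, sizeof block);       /* 4 GiB */
    printf("crafted size: %s\n", name ? name : "(rejected)");
    free(name);
    return 0;
}
```

The two checks in checked_alloc_bytes do different jobs: the SIZE_MAX division is the arithmetic guard that closes the wrap, and the cap is policy, since a path name that needs gigabytes is never legitimate. A reader that only fixes the arithmetic still hands the allocator a multi-gigabyte request on the attacker's say-so, which is the denial-of-service half of the advisory.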

CVSS vector

CVSS v2: AV:N/AC:M/Au:N/C:P/I:P/A:P (Exploitability: 8.6 | Impact: 6.4)

Affected Packages (4 packages)

Debian (debian/libtar): < 1.2.20-1 (bookworm)
Debian (feep/libtar): < 1.2.20-1+1
NVD (feep/libtar): 1.2.19+7

Also affects: Enterprise Linux 6.0

Patches

Vulnerability Details (2)

GHSA: GHSA-x7xr-v9wq-28m3: Multiple integer overflows in the th_read function in lib/block (2022-05-14)
OSV: CVE-2013-4397: Multiple integer overflows in the th_read function in lib/block (2013-10-17)

Vendor Advisories (9)

Android: CVE-2013-4397: Closed-source component (2018-01-01)
Red Hat: libtar: Heap-based buffer overflows by expanding a specially-crafted archive (2013-10-09)
Debian: CVE-2013-4397: libtar - Multiple integer overflows in the th_read function in lib/block.c in libtar befo... (2013)
Citrix: Citrix Security Bulletin CTX136623
Citrix: Citrix Security Bulletin CTX135815

Community (4)

Bugzilla: CVE-2013-4397 libtar: Heap-based buffer overflows by expanding a specially-crafted archive [epel-5] (2013-10-10)
Bugzilla: CVE-2013-4397 libtar: Heap-based buffer overflows by expanding a specially-crafted archive [fedora-all] (2013-10-10)
Bugzilla: CVE-2013-4397 libtar: Heap-based buffer overflows by expanding a specially-crafted archive (2013-10-02)
Bugzilla: CVE-2013-1879 ActiveMQ: XSS vulnerability in scheduled.jsp (2013-03-21)
CVE-2013-4397 — Heap-based Buffer Overflow in Libtar | cvebase