Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/130393?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/130393?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "tar", "version": "1.34+dfsg-1+deb11u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.34+dfsg-1.2+deb12u1", "latest_non_vulnerable_version": "1.35+dfsg-4", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101928?format=api", "vulnerability_id": "VCID-3pbt-bsvc-8bdk", "summary": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48303.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14989", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14967", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15074", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15065", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15025", 
"published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14942", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://savannah.gnu.org/patch/?10307", "reference_id": "?10307", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/" } ], "url": "https://savannah.gnu.org/patch/?10307" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149722", "reference_id": "2149722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149722" }, { "reference_url": "https://savannah.gnu.org/bugs/?62387", "reference_id": "?62387", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/" } ], "url": "https://savannah.gnu.org/bugs/?62387" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/", "reference_id": 
"CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/" }, { "reference_url": "https://security.gentoo.org/glsa/202402-12", "reference_id": "GLSA-202402-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0842", "reference_id": "RHSA-2023:0842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0959", "reference_id": "RHSA-2023:0959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5610", "reference_id": "RHSA-2023:5610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5610" }, { "reference_url": "https://usn.ubuntu.com/5900-1/", "reference_id": "USN-5900-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5900-1/" }, { "reference_url": "https://usn.ubuntu.com/5900-2/", "reference_id": "USN-5900-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5900-2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/", "reference_id": "X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130393?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130391?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130406?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130395?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130394?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-48303" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-3pbt-bsvc-8bdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66322?format=api", "vulnerability_id": "VCID-4kmr-7k2m-hkg6", "summary": "Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0300.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0300.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.9542", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95428", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95431", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95433", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95437", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617881", "reference_id": "1617881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617881" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354091", "reference_id": "354091", 
"reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354091" }, { "reference_url": "https://security.gentoo.org/glsa/200603-06", "reference_id": "GLSA-200603-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200603-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0232", "reference_id": "RHSA-2006:0232", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0232" }, { "reference_url": "https://usn.ubuntu.com/257-1/", "reference_id": "USN-257-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/257-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130397?format=api", "purl": "pkg:deb/debian/tar@1.15.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.15.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130393?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130391?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130395?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/130394?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-0300" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4kmr-7k2m-hkg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101922?format=api", "vulnerability_id": "VCID-4kuz-mgjb-tufw", "summary": "GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-6097.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-6097.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-6097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.9336", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93371", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93372", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.9337", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93379", "published_at": "2026-06-09T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2006-6097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618237", "reference_id": "1618237", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618237" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399845", "reference_id": "399845", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399845" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/29160.c", "reference_id": "CVE-2006-6097;OSVDB-30721", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/29160.c" }, { "reference_url": "https://www.securityfocus.com/bid/21235/info", "reference_id": "CVE-2006-6097;OSVDB-30721", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/21235/info" }, { "reference_url": "https://security.gentoo.org/glsa/200612-10", "reference_id": "GLSA-200612-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200612-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0749", "reference_id": "RHSA-2006:0749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0749" }, { "reference_url": "https://usn.ubuntu.com/385-1/", "reference_id": "USN-385-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/385-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130398?format=api", "purl": "pkg:deb/debian/tar@1.16-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.16-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130393?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130391?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130395?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130394?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-6097" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4kuz-mgjb-tufw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101926?format=api", "vulnerability_id": "VCID-5buh-y5vq-quf3", "summary": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9923.json", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9923.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9923", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61057", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61011", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.6106", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61068", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61056", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61039", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691764", "reference_id": "1691764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691764" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241", 
"reference_id": "1810241", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" }, { "reference_url": "http://savannah.gnu.org/bugs/?55369", "reference_id": "?55369", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "http://savannah.gnu.org/bugs/?55369" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925286", "reference_id": "925286", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925286" }, { "reference_url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", "reference_id": "?id=cb07844454d8cc9fb21f53ace75975f91185a120", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", "reference_id": "msg00077.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://usn.ubuntu.com/4692-1/", "reference_id": "USN-4692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4692-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130404?format=api", "purl": "pkg:deb/debian/tar@1.32%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.32%252Bdfsg-1%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/130393?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130391?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130395?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130394?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9923" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5buh-y5vq-quf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65404?format=api", "vulnerability_id": "VCID-5d3n-ytds-2fhy", "summary": "Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a \"crashing stack.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4476.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4476.json" }, { 
"reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93976", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93984", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93983", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93985", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.9399", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4476" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=280961", "reference_id": "280961", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=280961" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441444", "reference_id": "441444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441444" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449222", "reference_id": "449222", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449222" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30766.c", "reference_id": "CVE-2007-4476;OSVDB-42149", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30766.c" }, { "reference_url": "https://www.securityfocus.com/bid/26445/info", 
"reference_id": "CVE-2007-4476;OSVDB-42149", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/26445/info" }, { "reference_url": "https://security.gentoo.org/glsa/200711-18", "reference_id": "GLSA-200711-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0141", "reference_id": "RHSA-2010:0141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0144", "reference_id": "RHSA-2010:0144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0144" }, { "reference_url": "https://usn.ubuntu.com/650-1/", "reference_id": "USN-650-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/650-1/" }, { "reference_url": "https://usn.ubuntu.com/709-1/", "reference_id": "USN-709-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/709-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130400?format=api", "purl": "pkg:deb/debian/tar@1.18-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130393?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130391?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130395?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130394?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-4476" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5d3n-ytds-2fhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65405?format=api", "vulnerability_id": "VCID-bfha-y2nr-3fbz", "summary": "Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0624.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0624.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0624", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81286", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", 
"scoring_elements": "0.81314", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81317", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81311", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81327", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=564368", "reference_id": "564368", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=564368" }, { "reference_url": "https://security.gentoo.org/glsa/201111-11", "reference_id": "GLSA-201111-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201111-11" }, { "reference_url": "https://security.gentoo.org/glsa/201311-21", "reference_id": "GLSA-201311-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0141", "reference_id": "RHSA-2010:0141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0142", "reference_id": "RHSA-2010:0142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0143", "reference_id": "RHSA-2010:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0144", "reference_id": "RHSA-2010:0144", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0145", "reference_id": "RHSA-2010:0145", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0145" }, { "reference_url": "https://usn.ubuntu.com/2456-1/", "reference_id": "USN-2456-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2456-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130401?format=api", "purl": "pkg:deb/debian/tar@1.23-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130393?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130391?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130395?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130394?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-0624" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bfha-y2nr-3fbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101923?format=api", "vulnerability_id": "VCID-bkkg-cj7d-duf1", "summary": "Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4131.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0838", "scoring_system": "epss", "scoring_elements": "0.92458", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0838", "scoring_system": "epss", "scoring_elements": "0.92476", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93731", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.9374", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93739", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=251921", "reference_id": "251921", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=251921" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439335", "reference_id": "439335", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439335" }, { "reference_url": "https://security.gentoo.org/glsa/200709-09", "reference_id": "GLSA-200709-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200709-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0860", "reference_id": "RHSA-2007:0860", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0860" }, { "reference_url": "https://usn.ubuntu.com/506-1/", "reference_id": "USN-506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/506-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130399?format=api", "purl": "pkg:deb/debian/tar@1.18-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.18-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130393?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130391?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130395?format=api", "purl": 
"pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130394?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-4131" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bkkg-cj7d-duf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101927?format=api", "vulnerability_id": "VCID-grcw-k89g-xff3", "summary": "A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. 
The highest threat from this vulnerability is to system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21342", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21307", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21362", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21298", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21421", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21407", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1917565", "reference_id": "1917565", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917565" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980525", "reference_id": "980525", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980525" }, { "reference_url": "https://security.archlinux.org/ASA-202102-41", "reference_id": "ASA-202102-41", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-41" }, { "reference_url": "https://security.archlinux.org/AVG-1462", "reference_id": "AVG-1462", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1462" }, { "reference_url": "https://security.gentoo.org/glsa/202105-29", "reference_id": "GLSA-202105-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-29" }, { "reference_url": "https://usn.ubuntu.com/5329-1/", "reference_id": "USN-5329-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5329-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130405?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130393?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130391?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130395?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130394?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-20193" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-grcw-k89g-xff3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91780?format=api", "vulnerability_id": "VCID-jv7s-vyp7-17bf", "summary": "tar: Incorrectly handled extension attributes in PAX archives can lead to a crash", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39804.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39804.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10861", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10963", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00036", 
"scoring_system": "epss", "scoring_elements": "0.10954", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10921", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10841", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079", "reference_id": "1058079", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-04T11:15:54Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254067", "reference_id": "2254067", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254067" }, { "reference_url": "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4", "reference_id": "?id=a339f05cd269013fa133d2f148d73f6f7d4247e4", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-04T11:15:54Z/" } ], "url": "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4" }, { "reference_url": "https://usn.ubuntu.com/6543-1/", "reference_id": "USN-6543-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6543-1/" }, { "reference_url": "https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723", "reference_id": "xheader.c?h=release_1_34#n1723", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-04T11:15:54Z/" } ], "url": "https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130393?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130391?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130408?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130395?format=api", "purl": 
"pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130394?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-39804" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jv7s-vyp7-17bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101918?format=api", "vulnerability_id": "VCID-qtbj-uzkz-vfc5", "summary": "GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1216.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1216.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7169", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71731", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71737", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71714", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", 
"scoring_elements": "0.71699", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71721", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1216" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1216" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616858", "reference_id": "1616858", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:096", "reference_id": "RHSA-2002:096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:138", "reference_id": "RHSA-2002:138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2003:218", "reference_id": "RHSA-2003:218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2003:218" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130392?format=api", "purl": "pkg:deb/debian/tar@1.13.25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.13.25%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130393?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130391?format=api", "purl": 
"pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130395?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130394?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2002-1216" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtbj-uzkz-vfc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101925?format=api", "vulnerability_id": "VCID-rf4x-27eg-sudu", "summary": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20482.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20482", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05804", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05801", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0582", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05775", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05827", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05817", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1662346", "reference_id": "1662346", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1662346" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917377", "reference_id": "917377", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917377" }, { "reference_url": "https://security.archlinux.org/ASA-201901-1", "reference_id": "ASA-201901-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-1" }, { 
"reference_url": "https://security.archlinux.org/AVG-841", "reference_id": "AVG-841", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-841" }, { "reference_url": "https://security.gentoo.org/glsa/201903-05", "reference_id": "GLSA-201903-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-05" }, { "reference_url": "https://usn.ubuntu.com/4692-1/", "reference_id": "USN-4692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4692-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130403?format=api", "purl": "pkg:deb/debian/tar@1.30%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.30%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130393?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130391?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130395?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130394?format=api", "purl": 
"pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20482" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rf4x-27eg-sudu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101920?format=api", "vulnerability_id": "VCID-xuaq-deyv-syat", "summary": "The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an \"incorrect optimization\" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving \"/../\" sequences with a leading \"/\".", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-1918.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-1918.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-1918", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.84219", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.84243", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.84246", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.8424", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.84228", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.84241", "published_at": "2026-06-09T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2005-1918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1918" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=140589", "reference_id": "140589", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=140589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0195", "reference_id": "RHSA-2006:0195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0195" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130396?format=api", "purl": "pkg:deb/debian/tar@1.14-2.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.14-2.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130393?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130391?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130395?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/130394?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-1918" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xuaq-deyv-syat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101924?format=api", "vulnerability_id": "VCID-yvjc-y8sc-z7ac", "summary": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6321.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6321.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14261", "scoring_system": "epss", "scoring_elements": "0.94535", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.14261", "scoring_system": "epss", "scoring_elements": "0.94524", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14261", "scoring_system": "epss", "scoring_elements": "0.94541", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.14261", "scoring_system": "epss", "scoring_elements": "0.94536", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.14261", "scoring_system": "epss", "scoring_elements": "0.94532", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.14261", "scoring_system": "epss", "scoring_elements": "0.94534", 
"published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6321" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/102", "reference_id": "102", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/102" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318562", "reference_id": "1318562", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842339", "reference_id": "842339", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842339" }, { "reference_url": "http://www.securityfocus.com/bid/93937", "reference_id": "93937", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://www.securityfocus.com/bid/93937" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/96", "reference_id": 
"96", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/96" }, { "reference_url": "https://security.archlinux.org/ASA-201611-11", "reference_id": "ASA-201611-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-11" }, { "reference_url": "https://security.archlinux.org/AVG-64", "reference_id": "AVG-64", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-64" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3702", "reference_id": "dsa-3702", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://www.debian.org/security/2016/dsa-3702" }, { "reference_url": "https://security.gentoo.org/glsa/201611-19", "reference_id": "GLSA-201611-19", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "https://security.gentoo.org/glsa/201611-19" }, { "reference_url": "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", "reference_id": "GNU-tar-1.29-Extract-Pathname-Bypass.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": 
"Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html" }, { "reference_url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", "reference_id": "?id=7340f67b9860ea0531c1450e5aa261c50f67165d", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d" }, { "reference_url": "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html", "reference_id": "msg00016.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": 
"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", "reference_id": "tar-extract-pathname-bypass.proper.txt", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt" }, { "reference_url": "https://usn.ubuntu.com/3132-1/", "reference_id": "USN-3132-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3132-1/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-3132-1", "reference_id": "USN-3132-1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://www.ubuntu.com/usn/USN-3132-1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130402?format=api", "purl": "pkg:deb/debian/tar@1.29b-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.29b-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130393?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130391?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130395?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130394?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-6321" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yvjc-y8sc-z7ac" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }