Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/940537?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/940537?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "tar", "version": "1.34+dfsg-1+deb11u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.34+dfsg-1.2+deb12u1", "latest_non_vulnerable_version": "1.35+dfsg-4", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56412?format=api", "vulnerability_id": "VCID-6znq-56pa-tyet", "summary": "A malicious tar archive could trigger a Buffer overflow in GNU tar,\n potentially resulting in the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0300.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0300.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95257", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95275", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.9528", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95288", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.9529", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95295", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.18808", 
"scoring_system": "epss", "scoring_elements": "0.95296", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95298", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95305", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95309", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95312", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95314", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95316", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.18808", "scoring_system": "epss", "scoring_elements": "0.95317", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617881", "reference_id": "1617881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617881" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354091", "reference_id": "354091", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354091" }, { "reference_url": "https://security.gentoo.org/glsa/200603-06", "reference_id": "GLSA-200603-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200603-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0232", "reference_id": "RHSA-2006:0232", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2006:0232" }, { "reference_url": "https://usn.ubuntu.com/257-1/", "reference_id": "USN-257-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/257-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940541?format=api", "purl": "pkg:deb/debian/tar@1.15.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.15.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940537?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940535?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940539?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940538?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-0300" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-6znq-56pa-tyet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59331?format=api", "vulnerability_id": "VCID-bjve-yt21-5uhe", "summary": "A vulnerability in Tar could lead to a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21172", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21017", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21044", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21047", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21325", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21379", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21133", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21213", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21275", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21285", "published_at": "2026-04-11T12:55:00Z" }, { 
"value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21244", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2119", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21183", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21193", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2117", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917565", "reference_id": "1917565", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917565" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980525", "reference_id": "980525", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980525" }, { "reference_url": "https://security.archlinux.org/ASA-202102-41", "reference_id": "ASA-202102-41", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-41" }, { "reference_url": "https://security.archlinux.org/AVG-1462", "reference_id": "AVG-1462", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": 
"archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1462" }, { "reference_url": "https://security.gentoo.org/glsa/202105-29", "reference_id": "GLSA-202105-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-29" }, { "reference_url": "https://usn.ubuntu.com/5329-1/", "reference_id": "USN-5329-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5329-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940549?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940537?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940535?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940539?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940538?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-20193" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bjve-yt21-5uhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89839?format=api", "vulnerability_id": "VCID-c117-938e-pkbm", "summary": "security flaw", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1216.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1216.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71247", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71255", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71273", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71248", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71289", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71303", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71325", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7131", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71294", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7134", 
"published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71346", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7138", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71387", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7139", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1216" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1216" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616858", "reference_id": "1616858", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:096", "reference_id": "RHSA-2002:096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:138", "reference_id": "RHSA-2002:138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2003:218", "reference_id": "RHSA-2003:218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2003:218" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940536?format=api", "purl": "pkg:deb/debian/tar@1.13.25?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.13.25%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940537?format=api", "purl": 
"pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940535?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940539?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940538?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2002-1216" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c117-938e-pkbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48444?format=api", "vulnerability_id": "VCID-ft5f-trap-43fa", "summary": "GNU cpio contains a buffer overflow vulnerability, possibly resulting in a\n Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4476.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4476.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4476", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93675", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93685", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93696", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93698", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93707", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93709", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93714", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93715", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93732", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93739", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93742", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93876", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93873", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93872", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4476" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476" }, { 
"reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=280961", "reference_id": "280961", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=280961" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441444", "reference_id": "441444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441444" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449222", "reference_id": "449222", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449222" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30766.c", "reference_id": "CVE-2007-4476;OSVDB-42149", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30766.c" }, { "reference_url": "https://www.securityfocus.com/bid/26445/info", "reference_id": "CVE-2007-4476;OSVDB-42149", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/26445/info" }, { "reference_url": "https://security.gentoo.org/glsa/200711-18", "reference_id": "GLSA-200711-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0141", "reference_id": "RHSA-2010:0141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0144", "reference_id": "RHSA-2010:0144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0144" }, { "reference_url": "https://usn.ubuntu.com/650-1/", "reference_id": "USN-650-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/650-1/" }, { "reference_url": "https://usn.ubuntu.com/709-1/", "reference_id": "USN-709-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/709-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940544?format=api", "purl": "pkg:deb/debian/tar@1.18-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940537?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940535?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940539?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940538?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-4476" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ft5f-trap-43fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77912?format=api", "vulnerability_id": "VCID-hq66-w1de-eqe9", "summary": "tar: Incorrectly handled extension 
attributes in PAX archives can lead to a crash", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39804.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39804.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1048", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10436", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10551", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10528", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10395", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10381", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10509", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10494", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10493", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10549", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10413", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10487", "published_at": "2026-04-08T12:55:00Z" }, 
{ "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10555", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10584", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254067", "reference_id": "2254067", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254067" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079", "reference_id": "bugreport.cgi?bug=1058079", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-04T11:15:54Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079" }, { "reference_url": "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4", "reference_id": "?id=a339f05cd269013fa133d2f148d73f6f7d4247e4", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-04T11:15:54Z/" } ], "url": "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4" }, { "reference_url": "https://usn.ubuntu.com/6543-1/", "reference_id": "USN-6543-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6543-1/" }, { "reference_url": "https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723", "reference_id": "xheader.c?h=release_1_34#n1723", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-04T11:15:54Z/" } ], "url": "https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940537?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940535?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940551?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940539?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940538?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-39804" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hq66-w1de-eqe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46643?format=api", "vulnerability_id": "VCID-k3h6-k26e-vke3", "summary": "A directory traversal vulnerability has been discovered in GNU Tar.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4131.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11051", "scoring_system": "epss", "scoring_elements": "0.93408", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11051", "scoring_system": "epss", "scoring_elements": "0.93416", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11051", "scoring_system": "epss", "scoring_elements": "0.93424", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11051", "scoring_system": "epss", "scoring_elements": "0.93432", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11051", "scoring_system": "epss", "scoring_elements": "0.93436", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11051", "scoring_system": "epss", "scoring_elements": "0.93441", "published_at": "2026-04-11T12:55:00Z" }, { 
"value": "0.11051", "scoring_system": "epss", "scoring_elements": "0.93442", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93593", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93612", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93619", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93624", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93628", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93627", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93625", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=251921", "reference_id": "251921", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=251921" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439335", "reference_id": "439335", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439335" }, { "reference_url": "https://security.gentoo.org/glsa/200709-09", "reference_id": "GLSA-200709-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200709-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0860", "reference_id": "RHSA-2007:0860", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2007:0860" }, { "reference_url": "https://usn.ubuntu.com/506-1/", "reference_id": "USN-506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/506-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940543?format=api", "purl": "pkg:deb/debian/tar@1.18-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.18-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940537?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940535?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940539?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940538?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-4131" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k3h6-k26e-vke3" 
}, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36935?format=api", "vulnerability_id": "VCID-pkfu-tkaw-m7ba", "summary": "A vulnerability has been discovered in GNU Tar which may lead to an out of bounds read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48303.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13407", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13533", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13542", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13515", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14958", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14979", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14942", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14904", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14845", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14741", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", 
"scoring_elements": "0.14748", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15035", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14839", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14928", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://savannah.gnu.org/patch/?10307", "reference_id": "?10307", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/" } ], "url": "https://savannah.gnu.org/patch/?10307" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149722", "reference_id": "2149722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149722" }, { "reference_url": "https://savannah.gnu.org/bugs/?62387", "reference_id": "?62387", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/" } ], "url": "https://savannah.gnu.org/bugs/?62387" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/", "reference_id": "CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/" }, { "reference_url": "https://security.gentoo.org/glsa/202402-12", "reference_id": "GLSA-202402-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0842", "reference_id": "RHSA-2023:0842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0959", "reference_id": "RHSA-2023:0959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5610", "reference_id": "RHSA-2023:5610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5610" }, { "reference_url": "https://usn.ubuntu.com/5900-1/", "reference_id": "USN-5900-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5900-1/" }, { "reference_url": "https://usn.ubuntu.com/5900-2/", "reference_id": "USN-5900-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5900-2/" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/", "reference_id": "X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940537?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940535?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940550?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940539?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940538?format=api", 
"purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-48303" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pkfu-tkaw-m7ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82906?format=api", "vulnerability_id": "VCID-rpve-2nqs-mucp", "summary": "tar: null-pointer dereference in pax_decode_header in sparse.c", "references": [ { "reference_url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9923.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9923.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9923", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60732", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60635", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60714", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.6071", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60709", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60689", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60722", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60738", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.6056", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67298", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67237", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67213", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67264", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67278", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9923" }, { "reference_url": 
"http://savannah.gnu.org/bugs/?55369", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "http://savannah.gnu.org/bugs/?55369" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" 
}, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691764", "reference_id": "1691764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691764" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925286", "reference_id": "925286", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925286" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9923", "reference_id": "CVE-2019-9923", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { 
"value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9923" }, { "reference_url": "https://usn.ubuntu.com/4692-1/", "reference_id": "USN-4692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4692-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940548?format=api", "purl": "pkg:deb/debian/tar@1.32%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.32%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940537?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940535?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940539?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940538?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9923" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rpve-2nqs-mucp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89655?format=api", "vulnerability_id": "VCID-rufk-zs3j-9qf6", "summary": "tar archive path traversal issue", "references": [ { "reference_url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-1918.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-1918.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-1918", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.83969", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.83836", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.8385", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.83865", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.83867", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.83891", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.83897", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": 
"0.83913", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.83908", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.83904", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.8393", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.83956", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.83963", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-1918" }, { "reference_url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140589", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140589" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1918" }, { "reference_url": "http://secunia.com/advisories/18988", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/18988" }, { "reference_url": "http://secunia.com/advisories/19130", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/19130" }, { "reference_url": "http://secunia.com/advisories/19183", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/19183" }, { "reference_url": "http://secunia.com/advisories/20397", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/20397" }, { "reference_url": "http://securitytracker.com/id?1015655", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1015655" }, { "reference_url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9946", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9946" }, { "reference_url": "http://support.avaya.com/elmodocs2/security/ASA-2006-110.htm", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-110.htm" }, { "reference_url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2006-0195.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2006-0195.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/430297/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/430297/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/5834", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/5834" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=140589", "reference_id": "140589", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=140589" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:1.13.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:tar:1.13.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:1.13.25:*:*:*:*:*:*:*" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*", "reference_id": 
"cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1918", "reference_id": "CVE-2005-1918", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0195", "reference_id": 
"RHSA-2006:0195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0195" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940540?format=api", "purl": "pkg:deb/debian/tar@1.14-2.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.14-2.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940537?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940535?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940539?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940538?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-1918" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rufk-zs3j-9qf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34397?format=api", 
"vulnerability_id": "VCID-svwr-123p-skeq", "summary": "A vulnerability in Tar could lead to a Denial of Service condition.", "references": [ { "reference_url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454" }, { "reference_url": "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20482.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05338", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05617", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05379", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05382", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05546", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system":
"epss", "scoring_elements": "0.05581", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0538", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0541", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05416", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05451", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05473", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05444", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0543", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05424", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html" }, { "reference_url": "https://news.ycombinator.com/item?id=18745431", "reference_id": "", "reference_type": "", "scores": [], "url": "https://news.ycombinator.com/item?id=18745431" }, { "reference_url": "https://twitter.com/thatcks/status/1076166645708668928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://twitter.com/thatcks/status/1076166645708668928" }, { "reference_url": "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug", "reference_id": "", "reference_type": "", "scores": [], "url": "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" }, { "reference_url": "http://www.securityfocus.com/bid/106354", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106354" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1662346", "reference_id": "1662346", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1662346" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917377", "reference_id": "917377", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917377" }, { "reference_url": "https://security.archlinux.org/ASA-201901-1", "reference_id": "ASA-201901-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-1" }, { "reference_url": "https://security.archlinux.org/AVG-841", "reference_id": "AVG-841", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-841" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20482", "reference_id": "CVE-2018-20482", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20482" }, { "reference_url": "https://security.gentoo.org/glsa/201903-05", "reference_id": "GLSA-201903-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-05" }, { "reference_url": "https://usn.ubuntu.com/4692-1/", "reference_id": "USN-4692-1", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4692-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940547?format=api", "purl": "pkg:deb/debian/tar@1.30%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.30%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940537?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940535?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940539?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940538?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20482" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-svwr-123p-skeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46540?format=api", "vulnerability_id": 
"VCID-vzdf-6u9d-bfax", "summary": "A path traversal attack in Tar may lead to the remote execution of\n arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6321.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6321.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.9344", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93456", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93457", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93465", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93468", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93474", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93473", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93493", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93499", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93506", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93508", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.11143", "scoring_system": 
"epss", "scoring_elements": "0.93505", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6321" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/102", "reference_id": "102", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/102" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318562", "reference_id": "1318562", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842339", "reference_id": "842339", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842339" }, { "reference_url": "http://www.securityfocus.com/bid/93937", "reference_id": "93937", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://www.securityfocus.com/bid/93937" }, { "reference_url": 
"http://seclists.org/fulldisclosure/2016/Oct/96", "reference_id": "96", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/96" }, { "reference_url": "https://security.archlinux.org/ASA-201611-11", "reference_id": "ASA-201611-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-11" }, { "reference_url": "https://security.archlinux.org/AVG-64", "reference_id": "AVG-64", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-64" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3702", "reference_id": "dsa-3702", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://www.debian.org/security/2016/dsa-3702" }, { "reference_url": "https://security.gentoo.org/glsa/201611-19", "reference_id": "GLSA-201611-19", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "https://security.gentoo.org/glsa/201611-19" }, { "reference_url": "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", "reference_id": "GNU-tar-1.29-Extract-Pathname-Bypass.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html" }, { "reference_url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", "reference_id": "?id=7340f67b9860ea0531c1450e5aa261c50f67165d", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d" }, { "reference_url": "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html", "reference_id": "msg00016.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html" }, { "reference_url": "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", "reference_id": "tar-extract-pathname-bypass.proper.txt", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt" }, { "reference_url": "https://usn.ubuntu.com/3132-1/", "reference_id": "USN-3132-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3132-1/" }, { 
"reference_url": "http://www.ubuntu.com/usn/USN-3132-1", "reference_id": "USN-3132-1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://www.ubuntu.com/usn/USN-3132-1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940546?format=api", "purl": "pkg:deb/debian/tar@1.29b-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.29b-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940537?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940535?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940539?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940538?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-6321" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzdf-6u9d-bfax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34111?format=api", "vulnerability_id": "VCID-zakj-27p6-6kbf", "summary": "A buffer overflow flaw in GNU Tar could result in execution of\n arbitrary code or a Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0624.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0624.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0624", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80894", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80902", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80925", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80923", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80951", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80958", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80973", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.8096", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80988", "published_at": 
"2026-04-16T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.8099", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81011", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81021", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81028", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=564368", "reference_id": "564368", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=564368" }, { "reference_url": "https://security.gentoo.org/glsa/201111-11", "reference_id": "GLSA-201111-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201111-11" }, { "reference_url": "https://security.gentoo.org/glsa/201311-21", "reference_id": "GLSA-201311-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0141", "reference_id": "RHSA-2010:0141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0142", "reference_id": "RHSA-2010:0142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0143", "reference_id": "RHSA-2010:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0143" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2010:0144", "reference_id": "RHSA-2010:0144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0145", "reference_id": "RHSA-2010:0145", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0145" }, { "reference_url": "https://usn.ubuntu.com/2456-1/", "reference_id": "USN-2456-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2456-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940545?format=api", "purl": "pkg:deb/debian/tar@1.23-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940537?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940535?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940539?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940538?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-0624" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zakj-27p6-6kbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38418?format=api", "vulnerability_id": "VCID-zn6w-f898-tqgd", "summary": "Tar is vulnerable to directory traversal possibly allowing for the\n overwriting of arbitrary files.", "references": [ { "reference_url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc" }, { "reference_url": "http://docs.info.apple.com/article.html?artnum=305214", "reference_id": "", "reference_type": "", "scores": [], "url": "http://docs.info.apple.com/article.html?artnum=305214" }, { "reference_url": "http://kb.vmware.com/KanisaPlatform/Publishing/817/2240267_f.SAL_Public.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://kb.vmware.com/KanisaPlatform/Publishing/817/2240267_f.SAL_Public.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" }, { "reference_url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2006-0749.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2006-0749.html" }, { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-6097.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-6097.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-6097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93254", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.932", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93209", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93213", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93211", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93219", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93224", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93228", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93225", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93227", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93243", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93248", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93255", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.9326", 
"published_at": "2026-04-24T12:55:00Z" }, { "value": "0.10442", "scoring_system": "epss", "scoring_elements": "0.93258", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-6097" }, { "reference_url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097" }, { "reference_url": "http://secunia.com/advisories/23115", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/23115" }, { "reference_url": "http://secunia.com/advisories/23117", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/23117" }, { "reference_url": "http://secunia.com/advisories/23142", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/23142" }, { "reference_url": "http://secunia.com/advisories/23146", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/23146" }, { "reference_url": "http://secunia.com/advisories/23163", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/23163" }, { "reference_url": "http://secunia.com/advisories/23173", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/23173" }, { "reference_url": "http://secunia.com/advisories/23198", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/23198" }, { "reference_url": "http://secunia.com/advisories/23209", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/23209" }, { "reference_url": 
"http://secunia.com/advisories/23314", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/23314" }, { "reference_url": "http://secunia.com/advisories/23443", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/23443" }, { "reference_url": "http://secunia.com/advisories/23514", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/23514" }, { "reference_url": "http://secunia.com/advisories/23911", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/23911" }, { "reference_url": "http://secunia.com/advisories/24479", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/24479" }, { "reference_url": "http://secunia.com/advisories/24636", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/24636" }, { "reference_url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:26.gtar.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:26.gtar.asc" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200612-10.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200612-10.xml" }, { "reference_url": "http://securityreason.com/securityalert/1918", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securityreason.com/securityalert/1918" }, { "reference_url": "http://securitytracker.com/id?1017423", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1017423" }, { "reference_url": "https://issues.rpath.com/browse/RPL-821", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.rpath.com/browse/RPL-821" }, { "reference_url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379", 
"reference_id": "", "reference_type": "", "scores": [], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10963" }, { "reference_url": "http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm" }, { "reference_url": "http://www.debian.org/security/2006/dsa-1223", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2006/dsa-1223" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:219", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:219" }, { "reference_url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/453286/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/453286/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/464268/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/464268/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/21235", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/21235" }, { "reference_url": "http://www.trustix.org/errata/2006/0068/", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://www.trustix.org/errata/2006/0068/" }, { "reference_url": "http://www.ubuntu.com/usn/usn-385-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/usn-385-1" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" }, { "reference_url": "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2006/4717", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2006/4717" }, { "reference_url": "http://www.vupen.com/english/advisories/2006/5102", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2006/5102" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/0930", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/0930" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/1171", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/1171" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618237", "reference_id": "1618237", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618237" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399845", "reference_id": "399845", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399845" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*", 
"reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:1.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:tar:1.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:1.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2006-6097", "reference_id": "CVE-2006-6097", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-6097" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/29160.c", "reference_id": "CVE-2006-6097;OSVDB-30721", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/29160.c" }, { "reference_url": "https://www.securityfocus.com/bid/21235/info", "reference_id": "CVE-2006-6097;OSVDB-30721", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/21235/info" }, { "reference_url": "https://security.gentoo.org/glsa/200612-10", "reference_id": "GLSA-200612-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200612-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0749", "reference_id": "RHSA-2006:0749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0749" }, { "reference_url": "https://usn.ubuntu.com/385-1/", "reference_id": "USN-385-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/385-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940542?format=api", "purl": 
"pkg:deb/debian/tar@1.16-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.16-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940537?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940535?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1.2%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1.2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940539?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940538?format=api", "purl": "pkg:deb/debian/tar@1.35%2Bdfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.35%252Bdfsg-4%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-6097" ], "risk_score": 7.2, "exploitability": "2.0", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zn6w-f898-tqgd" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }