CVE-2013-4397

2013-10-18 01:55:04 2019-04-22 19:48:00

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Redhat Enterprise linux 6.0 (not an official CPE)

Feep Libtar 1.2.19 Feep Libtar 1.2.18 Feep Libtar 1.2.17 Feep Libtar 1.2.16 Feep Libtar 1.2.15 Feep Libtar 1.2.14 Feep Libtar 1.2.13 Feep Libtar 1.2.11

Redhat - Enterprise linux Feep - Libtar

Advisory	Patch	Confirmed	Link
			RHSA-2013:1418
			DSA-2817
			[oss-security] 20131010 Integer overflow in libtar (<= 1...
			1040106
			[libtar] 20131009 ANNOUNCE: libtar version 1.2.20
			https://source.android.com/security/bulletin/2018-01-01
			62922
			1029166
			[oss-security] 20131010 Re: Integer overflow in libtar (...
			http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c...

CVE-2013-4397

2013-10-18 01:55:04 2019-04-22 19:48:00

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)