Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-6321

Опубликовано: 09 дек. 2016
Источник: nvd
CVSS3: 7.5
CVSS3: 7.5
CVSS2: 5
EPSS Средний

Описание

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gnu:tar:1.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15.90:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.15.91:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.16.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.22:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.23:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.24:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.25:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.26:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.27:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.27.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.28:*:*:*:*:*:*:*
cpe:2.3:a:gnu:tar:1.29:*:*:*:*:*:*:*

EPSS

Процентиль: 93%
0.11143
Средний

7.5 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22
CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2016-6321

CVSS3: 7.5
ubuntu
около 9 лет назад

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

redhat логотип

CVE-2016-6321

redhat
больше 9 лет назад

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

debian логотип

CVE-2016-6321

CVSS3: 7.5
debian
около 9 лет назад

Directory traversal vulnerability in the safer_name_suffix function in ...

suse-cvrf логотип

openSUSE-SU-2016:3003-1

suse-cvrf
около 9 лет назад

Security update for tar

suse-cvrf логотип

SUSE-SU-2016:2896-1

suse-cvrf
около 9 лет назад

Security update for tar

EPSS

Процентиль: 93%
0.11143
Средний

7.5 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22
CWE-22