CVE-2013-4397

Severity

68%

Complexity

86%

Confidentiality

106%

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 11 years ago

2013-10-17 23:55:00

Last updated 5 years ago

2019-04-22 17:48:00

Affected Software

Red Hat Enterprise Linux 6.0

6.0

Feep Libtar 1.2.11

1.2.11

Feep Libtar 1.2.13

1.2.13

Feep Libtar 1.2.14

1.2.14

Feep Libtar 1.2.15

1.2.15

Feep Libtar 1.2.16

1.2.16

Feep Libtar 1.2.17

1.2.17

Feep Libtar 1.2.18

1.2.18

References

http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04

Exploit, Patch

RHSA-2013:1418

Vendor Advisory

55188

Vendor Advisory

55253

Vendor Advisory

DSA-2817

[oss-security] 20131010 Integer overflow in libtar (<= 1.2.19)

[oss-security] 20131010 Re: Integer overflow in libtar (<= 1.2.19)

62922

1029166

1040106

[libtar] 20131009 ANNOUNCE: libtar version 1.2.20

https://source.android.com/security/bulletin/2018-01-01

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.