VYPR
Unrated severityNVD Advisory· Published Oct 17, 2013· Updated Jun 16, 2026

CVE-2013-4397

CVE-2013-4397

Description

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • Feep/Libtar8 versions
    cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*range: <=1.2.19
    • cpe:2.3:a:feep:libtar:1.2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:feep:libtar:1.2.13:*:*:*:*:*:*:*
    • cpe:2.3:a:feep:libtar:1.2.14:*:*:*:*:*:*:*
    • cpe:2.3:a:feep:libtar:1.2.15:*:*:*:*:*:*:*
    • cpe:2.3:a:feep:libtar:1.2.16:*:*:*:*:*:*:*
    • cpe:2.3:a:feep:libtar:1.2.17:*:*:*:*:*:*:*
    • cpe:2.3:a:feep:libtar:1.2.18:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • Libtar/libtarllm-fuzzy
    Range: <1.2.20

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.