Unrated severityNVD Advisory· Published Oct 17, 2013· Updated Apr 29, 2026
CVE-2013-4397
CVE-2013-4397
Description
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.
Affected products
9cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*range: <=1.2.19
- cpe:2.3:a:feep:libtar:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:feep:libtar:1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:feep:libtar:1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:feep:libtar:1.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:feep:libtar:1.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:feep:libtar:1.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:feep:libtar:1.2.18:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04nvdExploitPatch
- rhn.redhat.com/errata/RHSA-2013-1418.htmlnvdVendor Advisory
- secunia.com/advisories/55188nvdVendor Advisory
- secunia.com/advisories/55253nvdVendor Advisory
- www.debian.org/security/2013/dsa-2817nvd
- www.openwall.com/lists/oss-security/2013/10/10/4nvd
- www.openwall.com/lists/oss-security/2013/10/10/6nvd
- www.securityfocus.com/bid/62922nvd
- www.securitytracker.com/id/1029166nvd
- www.securitytracker.com/id/1040106nvd
- lists.feep.net:8080/pipermail/libtar/2013-October/000361.htmlnvd
- source.android.com/security/bulletin/2018-01-01nvd
News mentions
0No linked articles in our index yet.