rpm package
almalinux/tar
pkg:rpm/almalinux/tar
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-45582 | — | < 2:1.35-9.el10_1 | 2:1.35-9.el10_1 | Jul 11, 2025 | GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a c | ||
| CVE-2022-48303 | — | < 2:1.30-6.el8_7.1 | 2:1.30-6.el8_7.1 | Jan 30, 2023 | GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approxima |
- CVE-2025-45582Jul 11, 2025affected < 2:1.35-9.el10_1fixed 2:1.35-9.el10_1
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a c
- CVE-2022-48303Jan 30, 2023affected < 2:1.30-6.el8_7.1fixed 2:1.30-6.el8_7.1
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approxima