rpm package

suse/tar&distro=SUSE Linux Enterprise Micro 5.3

pkg:rpm/suse/tar&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-45582	—	< 1.34-150000.3.37.1	1.34-150000.3.37.1	Jul 11, 2025	GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a c
CVE-2023-39804	—	< 1.34-150000.3.34.1	1.34-150000.3.34.1	Mar 27, 2024	In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
CVE-2022-48303	—	< 1.34-150000.3.31.1	1.34-150000.3.31.1	Jan 30, 2023	GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approxima

CVE-2025-45582Jul 11, 2025
affected < 1.34-150000.3.37.1fixed 1.34-150000.3.37.1
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a c
CVE-2023-39804Mar 27, 2024
affected < 1.34-150000.3.34.1fixed 1.34-150000.3.34.1
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
CVE-2022-48303Jan 30, 2023
affected < 1.34-150000.3.31.1fixed 1.34-150000.3.31.1
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approxima