Gnu tar
This hub aggregates every CVE we track for Gnu tar, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
8
CVEs tracked
0
Critical
2
High
0
In CISA KEV
Severity distribution
LOW4HIGH2MEDIUM2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
3
0
0
2024-082026-07
Latest CVEs
The 8 most recently published vulnerabilities affecting Gnu tar.
- BDU:2026-06230Уязвимость функции short_read() компонента buffer.c архиватора GNU Tar, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании3.7
- BDU:2026-06212Уязвимость функции extract_file() архиватора GNU Tar, позволяющая нарушителю вызвать отказ в обслуживании3.1
- BDU:2026-06229Уязвимость функции _obstack_begin_worker() компонента obstack.cархиватора GNU Tar, позволяющая нарушителю вызвать отказ в обслуживании3.7
- CVE-2025-45582GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to...4.1
- CVE-2021-20193A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat f...3.3
- CVE-2019-9923pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.7.5
- CVE-2018-20482GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse....4.7
- CVE-2016-6321Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files...7.5
Product normalization is registry-driven with AI assist and human review. How it works