Every CVE whose affected-product data names Gnu Tar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2005-2541 — CVSS 10.0 (critical): Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain…
CVE-2016-6321 — CVSS 7.5 (high): Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an…
CVE-2019-9923 — CVSS 7.5 (high): pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed…
CVE-2007-4476 — CVSS 7.5 (high): Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
CVE-2007-4131 — CVSS 6.8 (medium): Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to…
CVE-2010-0624 — CVSS 6.8 (medium): Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio…
CVE-2023-39804 — CVSS 6.2 (medium): In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
CVE-2022-48303 — CVSS 5.5 (medium): GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to…
CVE-2006-0300 — CVSS 5.1 (medium): Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly…
CVE-2026-5704 — CVSS 5.0 (medium): A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file…
CVE-2002-0399 — CVSS 5.0 (medium): Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary…
CVE-2002-1216 — CVSS 5.0 (medium): GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result…
CVE-2018-20482 — CVSS 4.7 (medium): GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of…
CVE-2025-45582 — CVSS 4.1 (medium): GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the…
CVE-2006-6097 — CVSS 4.0 (medium): GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that…
CVE-2021-20193 — CVSS 3.3 (low): A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to…
CVE-2005-1918 — CVSS 2.6 (low): The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect…
CVE-2001-1267 — CVSS 2.1 (low): Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction…