admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 01:31:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2016/CVE-2016-6321.md

23 lines
1.1 KiB
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2016-6321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
### POC
#### Reference
- http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00
- http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
- http://seclists.org/fulldisclosure/2016/Oct/96
Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00
- http://seclists.org/fulldisclosure/2016/Oct/96
Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
- https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00
- https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
#### Github
- https://github.com/tomwillfixit/alpine-cvecheck
Reference in New Issue Copy Permalink