CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile
96.9%
GNU tar is vulnerable to a buffer overflow, caused by
improper bounds checking of the PAX extended headers. By
tricking an user into processing a specially crafted tar
archive, this could be exploited to execute arbitrary
code with the privileges of the user.