CVE-2007-4476

GNU tar - Buffer Overflow

Title source: llm

Description

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dmitry V. Levin · cdoslinux

https://www.exploit-db.com/exploits/30766

View Code ZIP pw:eip

References (37)

[Third Party Advisory] http://bugs.gentoo.org/show_bug.cgi?id=196978

[Third Party Advisory] http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691

[Third Party Advisory] http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

[Patch, Third Party Advisory] http://secunia.com/advisories/26674

[Third Party Advisory] http://secunia.com/advisories/26987

[Third Party Advisory] http://secunia.com/advisories/27331

[Third Party Advisory] http://secunia.com/advisories/27453

[Third Party Advisory] http://secunia.com/advisories/27514

[Third Party Advisory] http://secunia.com/advisories/27681

[Third Party Advisory] http://secunia.com/advisories/27857

[Third Party Advisory] http://secunia.com/advisories/28255

[Third Party Advisory] http://secunia.com/advisories/29968

[Third Party Advisory] http://secunia.com/advisories/32051

[Third Party Advisory] http://secunia.com/advisories/33567

[Third Party Advisory] http://secunia.com/advisories/39008

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200711-18.xml

[Broken Link] http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1

[Third Party Advisory] http://www.debian.org/security/2007/dsa-1438

[Third Party Advisory] http://www.debian.org/security/2008/dsa-1566

[Broken Link] http://www.mandriva.com/security/advisories?name=MDKSA-2007:197

... and 17 more

Scores

EPSS 0.1222

EPSS Percentile 93.9%

Details

CWE

CWE-119

Status published

Products (6)

canonical/ubuntu_linux 6.06

canonical/ubuntu_linux 7.04

canonical/ubuntu_linux 7.10

debian/debian_linux 3.1

debian/debian_linux 4.0

gnu/tar < 1.19

Published Sep 05, 2007

Tracked Since Feb 18, 2026