CVE-2016-6321
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-6321
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6321.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-6321
- Related
- Published
- 2016-12-09T22:59:00Z
- Modified
- 2025-03-18T08:59:05.217634Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
- References
-
- http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html
- http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
- http://www.debian.org/security/2016/dsa-3702
- http://www.securityfocus.com/bid/93937
- http://www.ubuntu.com/usn/USN-3132-1
- https://security.gentoo.org/glsa/201611-19
- https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
- http://seclists.org/fulldisclosure/2016/Oct/102
- http://seclists.org/fulldisclosure/2016/Oct/96
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://security.alpinelinux.org/vuln/CVE-2016-6321
- https://security-tracker.debian.org/tracker/CVE-2016-6321
Affected packages
Alpine:v3.10 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.11 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.12 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.13 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.14 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.15 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.16 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.17 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.18 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.19 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.20 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.21 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.4 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.5 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.6 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.7 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.8 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Alpine:v3.9 / tar
Package
- Name
- tar
- Purl
- pkg:apk/alpine/tar?arch=source
Debian:11 / tar
Package
- Name
- tar
- Purl
- pkg:deb/debian/tar?arch=source
Debian:12 / tar
Package
- Name
- tar
- Purl
- pkg:deb/debian/tar?arch=source
Debian:13 / tar
Package
- Name
- tar
- Purl
- pkg:deb/debian/tar?arch=source
Git / git.savannah.gnu.org/git/tar.git
Affected ranges
- Type
- GIT
- Repo
- http://git.savannah.gnu.org/git/tar.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
Other
alpha_1_13_93
alpha_1_15_90
alpha_1_15_90_incremental_1
alpha_1_15_91
old
release_1_14
release_1_15
release_1_15_1
release_1_16
release_1_16_1
release_1_17
release_1_18
release_1_19
release_1_20
release_1_21
release_1_22
release_1_23
release_1_24
release_1_25
release_1_26
release_1_27
release_1_27_1
release_1_28
release_1_29