7.5

CVE-2007-4476

EPSS 11.81%
Published 05.09.2007 01:17:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

Affected products Warnungen 0 Metrics 2 CWE 1 References 40

Data is provided by the National Vulnerability Database (NVD)

Gnu ≫ Tar Version < 1.19

Debian ≫ Debian Linux Version3.1

Debian ≫ Debian Linux Version4.0

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version7.04

Canonical ≫ Ubuntu Linux Version7.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	11.81%	0.934

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Third Party Advisory

http://secunia.com/advisories/26987

Third Party Advisory

http://www.novell.com/linux/security/advisories/2007_19_sr.html

Broken Link

http://secunia.com/advisories/27857

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:233

Broken Link

http://secunia.com/advisories/26674

Patch

Third Party Advisory

http://www.novell.com/linux/security/advisories/2007_18_sr.html

Broken Link

http://secunia.com/advisories/27453

Third Party Advisory

http://secunia.com/advisories/28255

Third Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1

Broken Link

http://www.debian.org/security/2007/dsa-1438

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html

Third Party Advisory

http://bugs.gentoo.org/show_bug.cgi?id=196978

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691

Third Party Advisory

http://secunia.com/advisories/27331

Third Party Advisory

http://secunia.com/advisories/27514

Third Party Advisory

http://secunia.com/advisories/27681

Third Party Advisory

http://secunia.com/advisories/29968

Third Party Advisory

http://secunia.com/advisories/32051

Third Party Advisory

http://secunia.com/advisories/33567

Third Party Advisory

http://secunia.com/advisories/39008

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200711-18.xml

Third Party Advisory

http://www.debian.org/security/2008/dsa-1566

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:197

Broken Link

http://www.redhat.com/support/errata/RHSA-2010-0141.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0144.html

Third Party Advisory

http://www.securityfocus.com/bid/26445

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-650-1

Third Party Advisory

http://www.ubuntu.com/usn/usn-709-1

Third Party Advisory

http://www.vupen.com/english/advisories/2010/0628

Permissions Required

http://www.vupen.com/english/advisories/2010/0629

Permissions Required

https://bugzilla.redhat.com/show_bug.cgi?id=280961

Third Party Advisory

Issue Tracking

https://issues.rpath.com/browse/RPL-1861

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7114

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8599

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9336

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00073.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-4476

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4476

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4476

EUVD