VDB
CISA-2016-6321
CISA-2016-6321
PUBLISHED
CVSS 7.5 HIGH
Reported by redhat · Published December 9, 2016
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a |
Timeline
- Dec 9, 2016 CVE Published
- Aug 6, 2025 CVE Updated
- Mar 26, 2026 Distribution Patch
- Mar 26, 2026 Distribution Patch
- Mar 26, 2026 Security Advisory
- Mar 26, 2026 Security Advisory
References
- 20161030 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update mailing-listx_refsource_FULLDISC
- 93937 vdb-entryx_refsource_BID
- GLSA-201611-19 vendor-advisoryx_refsource_GENTOO
- 20161026 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) mailing-listx_refsource_FULLDISC
- x_refsource_CONFIRM
- [bug-tar] 20161029 Re: [Bug-tar] possible fixes for CVE-2016-6321 mailing-listx_refsource_MLIST
- DSA-3702 vendor-advisoryx_refsource_DEBIAN
- x_refsource_MISC
- x_refsource_MISC
- USN-3132-1 vendor-advisoryx_refsource_UBUNTU
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 mailing-listx_refsource_MLIST
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 mailing-listx_refsource_MLIST