VDB

CISA-2016-6321

CISA-2016-6321 PUBLISHED CVSS 7.5 HIGH

Reported by redhat · Published December 9, 2016

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
n/an/an/a
n/an/an/a, n/a

Timeline

  • Dec 9, 2016 CVE Published
  • Aug 6, 2025 CVE Updated
  • Mar 26, 2026 Distribution Patch
  • Mar 26, 2026 Distribution Patch
  • Mar 26, 2026 Security Advisory
  • Mar 26, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›