CVE-2016-6321
- Source
- https://cve.org/CVERecord?id=CVE-2016-6321
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6321.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-6321
- Downstream
- Related
- Published
- 2016-12-09T22:59:00.170Z
- Modified
- 2026-03-20T11:15:11.994996Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
- References
-
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
- http://www.debian.org/security/2016/dsa-3702
- http://www.securityfocus.com/bid/93937
- http://www.ubuntu.com/usn/USN-3132-1
- https://security.gentoo.org/glsa/201611-19
- http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html
- http://seclists.org/fulldisclosure/2016/Oct/96
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
- http://seclists.org/fulldisclosure/2016/Oct/102
- http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html
Affected packages
Git / git.savannah.gnu.org/git/tar.git/
Affected ranges
- Type
- GIT
- Repo
- http://git.savannah.gnu.org/git/tar.git/
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected95256b3c07fecbacbefbf61d45b2e0634cda42ccIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedfb782b023f5510825602f41f41bd56e8948ce8eeIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected3352016cf07754706f5b300da9e898c728a52c69Introduced0 Unknown introduced commit / All previous commits are affectedLast affected66ef04d4c8e21b4a160daed7de8bff60d14d3828Introduced0 Unknown introduced commit / All previous commits are affectedLast affected532b2dd31f8cc28c38c369d49b314ad6f9ba1a25Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedf572ca0cfb109005deb29de1e299e1ab72f282d2Introduced0 Unknown introduced commit / All previous commits are affectedLast affectede5ef01710ab4be17e8932f196b562244c3842c06Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedd3f04456e86b4cce1f863afdc05885f97514412aIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected1fb35e737478b9f3bc9cc4c18f2b656f8127f271Introduced0 Unknown introduced commit / All previous commits are affectedLast affected7b57922073a7c21069c5f355549b4d8811881585Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedb94eed6d03bd9f34f1d6336af8ea682804eb15b4Introduced0 Unknown introduced commit / All previous commits are affectedLast affected970f999818a52a107a89697666c54397403c09beIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected9077de9fa91886697a1294891a8d4e6d17fcd30bIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectede8e0b6cb7ac0a7a8d1fb4cb954a8bd8158dded02Introduced0 Unknown introduced commit / All previous commits are affectedLast affected983113b140dbb540923a3112fa27e9f508ff70c5Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedecd700fbfb6c4d04fd67f4fdf9944ff6377ff064Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedaea443b9e8ed8f84a3b7c246330aa194f6b7e1efIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedf6c25db5fef8f1e82c7a9e87ed42d311cb1bcb32Introduced0 Unknown introduced commit / All previous commits are affectedLast affected49f3145092b00de0b21bd0b751b6caaa57db4fc4Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedb500277de7eeac4893fe6517c38dc417b4a4d976Introduced0 Unknown introduced commit / All previous commits are affectedLast affected20b55f0679d314568ec21ae6db1ea635494e292b
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "1.14" }, { "introduced": "0" }, { "last_affected": "1.15" }, { "introduced": "0" }, { "last_affected": "1.15.1" }, { "introduced": "0" }, { "last_affected": "1.15.90" }, { "introduced": "0" }, { "last_affected": "1.15.91" }, { "introduced": "0" }, { "last_affected": "1.16" }, { "introduced": "0" }, { "last_affected": "1.16.1" }, { "introduced": "0" }, { "last_affected": "1.17" }, { "introduced": "0" }, { "last_affected": "1.18" }, { "introduced": "0" }, { "last_affected": "1.19" }, { "introduced": "0" }, { "last_affected": "1.20" }, { "introduced": "0" }, { "last_affected": "1.21" }, { "introduced": "0" }, { "last_affected": "1.22" }, { "introduced": "0" }, { "last_affected": "1.23" }, { "introduced": "0" }, { "last_affected": "1.24" }, { "introduced": "0" }, { "last_affected": "1.25" }, { "introduced": "0" }, { "last_affected": "1.26" }, { "introduced": "0" }, { "last_affected": "1.27" }, { "introduced": "0" }, { "last_affected": "1.27.1" }, { "introduced": "0" }, { "last_affected": "1.28" }, { "introduced": "0" }, { "last_affected": "1.29" } ] }
- Type
- GIT
- Repo
- https://cgit.git.savannah.gnu.org/cgit/tar.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed7340f67b9860ea0531c1450e5aa261c50f67165d