suse · CVE-2006-6097

Quick triage

Priority: low Published: 2021-05-30 12:37:12 UTC Updated: 2026-04-18 20:37:11 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2006-6097 severity low: SUSE including 19 source package names (tar, tar-1.20-23.23.1, …), 45 product×package rows across 20 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 7, … (20 product lines)): Known Not Affected 28, Fixed 17.

Description:

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.

cvelogic Threat Intelligence