cvedb.io
CVE-2016-6321
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2016-12-09T22:59:00.170 · Last modified 2026-06-17T00:50:49.503

Summary

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

Affected products

gnu — tar

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.