DEBIAN-CVE-2024-28863
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 21 Mar 2024, 23:15
Last modified:29 Apr 2026, 05:00
Vulnerability Summary
Overall Risk (default)
medium
26/100 CVSS Score
6.5 MEDIUM
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
21 Mar 2024, 23:15
Published
Vulnerability first disclosed
29 Apr 2026, 05:00
Last Modified
Vulnerability information updated
Description
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Systems
- debian•node-tar
all | < 6.0.5+ds1+~cs11.3.9-1+deb11u3 | all | < 6.1.13+~cs7.0.5-2 | < 6.1.13+~cs7.0.5-2