CVE-2019-9923

7.5HIGH

Key Information:

Vendor: Gnu
Status: Tar
Vendor: CVE Published:; 22 March 2019

Summary

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

References

https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241

x_refsource_MISC

http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb078...

x_refsource_MISC

http://savannah.gnu.org/bugs/?55369

x_refsource_MISC

EPSS Score

2% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 22, 2019
Vulnerability Reserved
Mar 22, 2019