NULL Pointer Dereference in GNU Tar Affects Multiple Archive Variants
CVE-2019-9923

7.5HIGH

Key Information:

Vendor
Gnu
Status
Tar
Vendor
CVE Published:
22 March 2019

Summary

A vulnerability exists in GNU Tar prior to version 1.32 that enables a NULL pointer dereference when parsing certain archives with malformed extended headers. This flaw could lead to application crashes and potential disruption if exploited while processing specially crafted archive files. Users are advised to update to the latest version to mitigate risks associated with this vulnerability.

References

https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
x_refsource_MISC
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb078...
x_refsource_MISC
http://savannah.gnu.org/bugs/?55369
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.