GNU tar vulnerability could lead to application crash
CVE-2023-39804

Currently unrated

Key Information:

Vendor: GNU
Vendor: CVE Published:; 27 March 2024

What is CVE-2023-39804?

In versions of GNU Tar prior to 1.35, there exists a vulnerability that arises from the improper handling of extension attributes in PAX archives. This flaw in the xheader.c file can lead to application crashes, posing a risk to system stability and data integrity. Maliciously crafted PAX archives may exploit this vulnerability, emphasizing the importance of updating to the latest version to mitigate potential threats.

References

https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339...

https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheade...

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Aug 7, 2023