Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS2-2023-2064
HistoryMay 25, 2023 - 5:41 p.m.

Medium: tar

2023-05-2517:41:00
alas.aws.amazon.com
10
gnu tar
amazon linux
vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.4%

JSON

Issue Overview:

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. (CVE-2019-9923)

Affected Packages:

tar

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update tar to update your system.

New Packages:

aarch64:  
    tar-1.26-35.amzn2.0.2.aarch64  
    tar-debuginfo-1.26-35.amzn2.0.2.aarch64  
  
i686:  
    tar-1.26-35.amzn2.0.2.i686  
    tar-debuginfo-1.26-35.amzn2.0.2.i686  
  
src:  
    tar-1.26-35.amzn2.0.2.src  
  
x86_64:  
    tar-1.26-35.amzn2.0.2.x86_64  
    tar-debuginfo-1.26-35.amzn2.0.2.x86_64

Additional References

Red Hat: CVE-2019-9923

Mitre: CVE-2019-9923

Related

nessus 22
openvas 14
debiancve 1
redhatcve 1
mageia 1
amazon 1
osv 2
veracode 1
nvd 1
ibm 6
ubuntucve 1
prion 1
cvelist 1
cve 1
suse 2
cloudfoundry 1
ubuntu 1
photon 6
ics 1
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.2.0 : tar (EulerOS-SA-2019-1624)
2019-05-30 00:00:00
Photon OS 2.0: Tar PHSA-2019-2.0-0154
2019-05-15 00:00:00
Amazon Linux 2 : tar (ALAS-2023-2064)
2023-06-05 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for tar (EulerOS-SA-2019-1600)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for tar (EulerOS-SA-2019-1347)
2020-01-23 00:00:00
Mageia: Security Advisory (MGASA-2019-0164)
2022-01-28 00:00:00
debiancve
debiancve
CVE-2019-9923
2019-03-22 08:29:00
redhatcve
redhatcve
CVE-2019-9923
2019-03-22 13:19:41
mageia
mageia
Updated tar packages fix security vulnerability
2019-05-12 12:35:33
amazon
amazon
Medium: tar
2023-05-25 17:41:00
osv
osv
CVE-2019-9923
2019-03-22 08:29:00
tar vulnerabilities
2021-01-13 18:56:53
veracode
veracode
Denial Of Service (DoS)
2021-01-15 02:15:58
nvd
nvd
CVE-2019-9923
2019-03-22 08:29:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GNU Tar (CVE-2019-9923).
2023-01-12 21:59:00
Security Bulletin: A vulnerability in GNU Tar affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2019-9923)
2023-01-12 21:59:00
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
2024-03-01 18:15:09
ubuntucve
ubuntucve
CVE-2019-9923
2019-03-22 00:00:00
prion
prion
Null pointer dereference
2019-03-22 08:29:00
cvelist
cvelist
CVE-2019-9923
2019-03-22 07:06:44
cve
cve
CVE-2019-9923
2019-03-22 08:29:00
suse
suse
Security update for tar (moderate)
2019-04-18 00:00:00
Security update for tar (moderate)
2022-05-05 00:00:00
cloudfoundry
cloudfoundry
USN-4692-1: tar vulnerabilities | Cloud Foundry
2021-02-10 00:00:00
ubuntu
ubuntu
tar vulnerabilities
2021-01-13 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0154
2019-04-25 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0228
2019-04-25 00:00:00
Important Photon OS Security Update - PHSA-2019-0154
2019-04-25 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.4%

JSON
Related for ALAS2-2023-2064
nessus22openvas14debiancve1redhatcve1mageia1amazon1osv2veracode1nvd1ibm6ubuntucve1prion1cvelist1cve1suse2cloudfoundry1ubuntu1photon6ics1