K000159077: GNU Tar vulnerability CVE-2019-9923

🗓️ 16 Jan 2026 18:41:36Reported by f5Type

f5🔗 my.f5.com👁 9 Views

GNU Tar CVE-2019-9923 permits NULL pointer dereference in sparse.c for malformed headers.

Reporter	Title	Published	Views	Family All 88
IBM Security Bulletins	Security Bulletin: A vulnerability in GNU Tar affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2019-9923)	12 Jan 202321:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues	30 Nov 202318:45	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.	11 Apr 202311:47	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues	1 Mar 202418:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GNU Tar (CVE-2019-9923).	12 Jan 202321:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities	1 Nov 202218:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Hyper Converged Database	21 Jan 202610:51	–	ibm
Tenable Nessus	Amazon Linux 2 : tar (ALAS-2023-2064)	5 Jun 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : tar (ALAS-2023-1755)	6 Jun 202300:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : tar (EulerOS-SA-2019-1347)	6 May 201900:00	–	nessus

20 Jan 2026 14:01Current

6.3Medium risk

Vulners AI Score6.3

CVSS 25

CVSS 37.5

CVSS 3.17.5

EPSS0.004

SSVC

gnu tar null pointer malformed headers sparse header parsing local attack vulnerability 2019 9923