RHEL 9 : tar (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tar: Incorrectly handled extension attributes in PAX archives can lead to a crash CVE-2023-39804 Note that Nessus h...

EulerOS Virtualization 2.11.1 : tar (EulerOS-SA-2024-1623)

According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVE-2023-3980...

EulerOS Virtualization 2.10.0 : tar (EulerOS-SA-2024-1539)

According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVE-2023-3980...

DEBIAN-CVE-2023-39804

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c...

CVE-2023-39804

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c...

AZL-52625 CVE-2023-39804 affecting package tar for versions less than 1.34-3

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c...

CVE-2023-39804

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c...

CVE-2023-39804

CVE-2023-39804 corresponds to a GNU tar issue where mishandled extension attributes in a PAX archive can crash an application via xheader.c. The connected IBM bulletin maps this CVE to IBM API Connect onPrem v12 (12.1.0.0) and lists remediation by upgrading to v12.1.0.1. The IBM advisory presents...

CVE-2023-39804

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c...

CVE-2023-39804

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c...

Denial Of Service (DOS)

Tar is vulnerable to Denial Of Service DOS. The vulnerability is caused due to a defect in a function xattrdecoder within xheader.c where sufficiently long xattr key may overflow a stack where alloca is used. An attacker can trick a user into processing a malicious archive, causing an application...

CVE-2023-39804

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c...

UBUNTU-CVE-2023-39804

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c...