Tar is vulnerable to Denial of Service (DoS). The vulnerability is caused by a defect in the function xattr_decoder() within xheader.c, where a sufficiently long xattr key may overflow the stack because alloca() is used. An attacker can trick a user into processing a malicious archive, causing the application to crash and resulting in Denial of Service (DoS).

Name | Operator | Version
---|---|---
tar:sid | eq | 1.32+dfsg-1
tar:sid | eq | 1.34+dfsg-1
tar:bullseye | eq | 1.30+dfsg-7
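
The defect class described above, as an added C example that is not tar's code: a stack allocation sized by an archive-supplied key, beside a bounded heap-based version that can report failure. The names `decode_key_alloca`, `decode_key_checked`, `hash_key`, the 255-byte `MAX_KEY_LEN` and the sample keys are hypothetical and chosen for this illustration.

```c
#include <alloca.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_KEY_LEN 255  /* assumed cap for this example, not a value from tar */

/* Stand-in for whatever the decoder does with its private copy of the key. */
static unsigned long hash_key(const char *s)
{
    unsigned long h = 5381;
    for (; *s; s++)
        h = h * 33 + (unsigned char)*s;
    return h;
}

/* Risky pattern: the stack allocation is sized by archive-controlled input.
   alloca() cannot report failure, so an oversized key crashes the process. */
static unsigned long decode_key_alloca(const char *key)
{
    size_t len = strlen(key);
    char *copy = alloca(len + 1);
    memcpy(copy, key, len + 1);
    return hash_key(copy);
}

/* Hardened pattern: bound the length, use the heap, check the allocation.
   Returns 0 on success, -1 if the key is too long or memory is unavailable. */
static int decode_key_checked(const char *key, unsigned long *out)
{
    size_t len = 0;
    while (len <= MAX_KEY_LEN && key[len] != '\0')
        len++;
    if (len > MAX_KEY_LEN)
        return -1;
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return -1;
    memcpy(copy, key, len + 1);
    *out = hash_key(copy);
    free(copy);
    return 0;
}

int main(void)
{
    static char long_key[65536];             /* constructed oversized key */
    unsigned long h = 0;
    memset(long_key, 'A', sizeof long_key - 1);
    printf("alloca, short key:  %lu\n", decode_key_alloca("user.comment"));
    printf("checked, short key: %d\n", decode_key_checked("user.comment", &h));
    printf("checked, long key:  %d\n", decode_key_checked(long_key, &h));
    return 0;
}
```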