Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-20482

Опубликовано: 26 дек. 2018
Источник: debian

Описание

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tarfixed1.30+dfsg-3.1package

Примечания

  • https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug

  • https://news.ycombinator.com/item?id=18745431

  • https://twitter.com/thatcks/status/1076166645708668928

  • https://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html

  • Fixed by https://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42c

Связанные уязвимости

ubuntu логотип

CVE-2018-20482

CVSS3: 4.7
ubuntu
около 7 лет назад

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

redhat логотип

CVE-2018-20482

CVSS3: 5.5
redhat
около 7 лет назад

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

nvd логотип

CVE-2018-20482

CVSS3: 4.7
nvd
около 7 лет назад

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

github логотип

GHSA-pm5x-48pq-67cq

CVSS3: 4.7
github
больше 3 лет назад

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

fstec логотип

BDU:2019-01641

CVSS3: 4.7
fstec
около 7 лет назад

Уязвимость фунции sparse_dump_region архиватора GNU Tar, связанная с чтением за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании