CVE-2018-20482

Published: 26 Dec 2018
Source: redhat
CVSS3: 5.5

Description

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

Report

Red Hat Enterprise Linux 8 is not affected by this vulnerability because it already ships a patched version of tar.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | tar | Will not fix | | |
| Red Hat Enterprise Linux 6 | tar | Will not fix | | |
| Red Hat Enterprise Linux 7 | tar | Will not fix | | |
| Red Hat Enterprise Linux 8 | tar | Not affected | | |

Additional information

Status: Low
Defect: CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1662346 (tar: Infinite read loop in sparse_dump_region function in sparse.c)

5.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 4.7
ubuntu
about 7 years ago

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

CVSS3: 4.7
nvd
about 7 years ago

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

CVSS3: 4.7
debian
about 7 years ago

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...

CVSS3: 4.7
github
more than 3 years ago

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

CVSS3: 4.7
fstec
about 7 years ago

Vulnerability in the sparse_dump_region function of the GNU Tar archiver, related to an out-of-bounds read, allowing an attacker to cause a denial of service