Description
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
Report
This issue is classified with a low severity primarily because untrusted tar files are not typically extracted with the root user, limiting the impact of this issue. Additionally, this NULL pointer dereference is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with tar. Furthermore, tar does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | tar | Not affected | | |
| Red Hat Enterprise Linux 6 | tar | Will not fix | | |
| Red Hat Enterprise Linux 7 | tar | Fix deferred | | |
| Red Hat Enterprise Linux 8 | tar | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 3.3 Low
Related vulnerabilities
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointe ...
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
Vulnerability in the GNU Tar archiver related to insufficient memory allocation for an operation, allowing an attacker to cause a denial of service