Описание
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
Отчет
The vulnerability in GNU Tar is rated as moderate severity because, while it results in a denial of service through memory leaks, its exploitation is constrained to the application's operational context without impacting the broader system integrity or security. The leak occurs in the read_header() function, where memory allocated for handling tar entries is not properly released, leading to resource exhaustion. However, this vulnerability does not facilitate arbitrary code execution, privilege escalation, or data corruption, which are characteristic of higher-severity vulnerabilities. Furthermore, the memory leak is contingent upon user interaction, as it requires the extraction of maliciously crafted tar files, thereby limiting its potential for widespread exploitation.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | tar | Out of support scope | ||
| Red Hat Enterprise Linux 7 | tar | Out of support scope | ||
| Red Hat Enterprise Linux 8 | tar | Fix deferred | ||
| Red Hat Enterprise Linux 9 | tar | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS3
Связанные уязвимости
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw ...
EPSS
3.3 Low
CVSS3