Описание
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.
Отчет
To exploit this flaw, an attacker needs to trick a user into processing a malicious archive, causing only an application crash. For these reasons, this flaw was rated with a low, and not moderate, severity.
Меры по смягчению последствий
Do not process untrusted tar archives.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | tar | Out of support scope | ||
| Red Hat Enterprise Linux 7 | tar | Fix deferred | ||
| Red Hat Enterprise Linux 8 | tar | Fix deferred | ||
| Red Hat Enterprise Linux 9 | tar | Fix deferred |
Показывать по
Дополнительная информация
Статус:
3.3 Low
CVSS3
Связанные уязвимости
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
In GNU tar before 1.35, mishandled extension attributes in a PAX archi ...
3.3 Low
CVSS3