CVE-2018-20482

Published: 26 Dec 2018
Source: ubuntu
Priority: low
EPSS: Low
CVSS2: 1.9
CVSS3: 4.7

Description

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

| Release | Status | Note |
|---|---|---|
| bionic | released | 1.29b-2ubuntu0.2 |
| cosmic | ignored | end of life |
| devel | not-affected | 1.30+dfsg-6 |
| disco | not-affected | 1.30+dfsg-5 |
| eoan | not-affected | 1.30+dfsg-6 |
| esm-infra-legacy/trusty | released | 1.27.1-1ubuntu0.1+esm1 |
| esm-infra/bionic | released | 1.29b-2ubuntu0.2 |
| esm-infra/focal | not-affected | 1.30+dfsg-6 |
| esm-infra/xenial | released | 1.28-2.1ubuntu0.2 |
| focal | not-affected | 1.30+dfsg-6 |

EPSS: 0.0002 (Low), percentile: 5%

CVSS2: 1.9 Low

CVSS3: 4.7 Medium

Related vulnerabilities

CVSS3: 5.5
redhat
about 7 years ago

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

CVSS3: 4.7
nvd
about 7 years ago

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

CVSS3: 4.7
debian
about 7 years ago

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...

CVSS3: 4.7
github
more than 3 years ago

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

CVSS3: 4.7
fstec
about 7 years ago

A vulnerability in the sparse_dump_region function of the GNU Tar archiver, related to an out-of-bounds buffer read, that allows an attacker to cause a denial of service
