Description
An attacker who submits a crafted tar file in which the size field of the header struct is 0 may be able to trigger a call to malloc(0) for the variable gnu_longname, causing an out-of-bounds read.

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | released | 1.2.20-7ubuntu0.1~esm1 |
| esm-apps/focal | released | 1.2.20-8ubuntu0.20.04.1 |
| esm-apps/jammy | released | 1.2.20-8ubuntu0.22.04.1 |
| esm-apps/noble | released | 1.2.20-8.1ubuntu0.24.04.1 |
| esm-apps/xenial | released | 1.2.20-4ubuntu0.1~esm1 |
| focal | released | 1.2.20-8ubuntu0.20.04.1 |
| jammy | released | 1.2.20-8ubuntu0.22.04.1 |
| kinetic | ignored | end of life, was needs-triage |
CVSS3: 8.1 High