Описание
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 3.7.7-0ubuntu2.1 |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | not-affected | 3.4.0-2ubuntu1.5 |
| esm-infra/xenial | needs-triage | |
| focal | released | 3.4.0-2ubuntu1.5 |
| jammy | released | 3.6.0-1ubuntu1.4 |
| noble | released | 3.7.2-2ubuntu0.4 |
| oracular | released | 3.7.4-1ubuntu0.2 |
| plucky | released | 3.7.7-0ubuntu2.1 |
Показывать по
Ссылки на источники
4 Medium
CVSS3
Связанные уязвимости
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not c ...
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
4 Medium
CVSS3