A flaw was found in src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
Comment 1 Carlos Andres Ramirez
2021-01-19 01:20:05 UTC
Created attachment 1748610
PoC - Test case for memory leak/crash
This is the .tar test case from my original report. Can be used with Valgrind to confirm the memory leak before the crash.
Flaw summary:
Memory pointed to by `next_long_name` and `next_long_link` was not being freed upon return of the `read_header()` routine in src/list.c. An attacker who provided a specially crafted input file to tar could cause an impact to application availability. The patch changes `read_header()` to not return before freeing memory pointed to by `next_long_name` and `next_long_link`.
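A simplified model of the defect class described in the flaw summary, added here as an illustration and not taken from the tar source or the upstream patch. Only the names `read_header`, `next_long_name` and `next_long_link` come from the page; the record layout, `store`, `release` and the `live_allocs` counter are assumptions made for the example.

```c
/* Simplified model of the leak pattern, not the tar source. Hypothetical
   record types: 'L' long name, 'K' long link, '0' member, else malformed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum status { HEADER_OK, HEADER_FAILURE };
struct rec { char type; const char *data; };
static long live_allocs;   /* heap blocks the parser currently owns */
static void release(char *p) { if (p) { live_allocs--; free(p); } }

/* Replace *slot with a heap copy of s, releasing the previous copy. */
static void store(char **slot, const char *s) {
    release(*slot);
    if ((*slot = malloc(strlen(s) + 1))) { strcpy(*slot, s); live_allocs++; }
}

/* Before: the error path returns while both buffers are still allocated. */
enum status read_header_leaky(const struct rec *r, size_t n) {
    char *next_long_name = NULL, *next_long_link = NULL;
    for (size_t i = 0; i < n && r[i].type != '0'; i++) {
        if (r[i].type == 'L') store(&next_long_name, r[i].data);
        else if (r[i].type == 'K') store(&next_long_link, r[i].data);
        else return HEADER_FAILURE;          /* early return: nothing freed */
    }
    release(next_long_name); release(next_long_link);
    return HEADER_OK;
}

/* After: every path falls through to the same cleanup before returning. */
enum status read_header_fixed(const struct rec *r, size_t n) {
    char *next_long_name = NULL, *next_long_link = NULL;
    enum status st = HEADER_OK;
    for (size_t i = 0; i < n && r[i].type != '0'; i++) {
        if (r[i].type == 'L') store(&next_long_name, r[i].data);
        else if (r[i].type == 'K') store(&next_long_link, r[i].data);
        else { st = HEADER_FAILURE; break; } /* record status, do not return */
    }
    release(next_long_name); release(next_long_link);
    return st;
}

int main(void) {
    /* Constructed input: two extension records, then a malformed one. */
    const struct rec bad[] = { {'L', "long/name"}, {'K', "long/link"}, {'?', ""} };
    read_header_leaky(bad, 3);
    printf("leaky: %ld blocks still allocated\n", live_allocs);
    live_allocs = 0;
    read_header_fixed(bad, 3);
    printf("fixed: %ld blocks still allocated\n", live_allocs);
}
```

In a long-running or repeatedly invoked parser the leaked blocks accumulate per malformed header, which is why the impact is stated as availability; running the original binary under Valgrind, as the reporter suggests, surfaces the same pattern as "definitely lost" blocks.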