An issue was discovered in GNU Tar 1.33 and earlier. There is a memory leak in read_header() in list.c in the tar application.

Upstream bug: https://savannah.gnu.org/bugs/?59897
Upstream patch: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
Created attachment 1748610
PoC - Test case for memory leak/crash

This is the .tar test case from my original report. Can be used with Valgrind to confirm the memory leak before the crash.
Flaw summary: Memory pointed to by `next_long_name` and `next_long_link` was not being freed upon return of the `read_header()` routine in src/list.c. An attacker who provided a specially crafted input file to tar could cause an impact to application availability. The patch changes `read_header()` to not return before freeing memory pointed to by `next_long_name` and `next_long_link`.
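The early-return pattern described in the flaw summary, as an added example that is not part of the original report and is not GNU tar source. It is a simplified model: the record kinds, the `name_alloc`/`name_free` helpers, the one-slot `pending` tracker and the two-record input are all constructed for illustration; only the names `read_header` and `next_long_name` come from the report.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the pattern, not GNU tar source; all names are assumptions. */
enum rec { REC_LONGNAME, REC_FILE, REC_BAD };   /* constructed record kinds */
enum status { ST_OK, ST_FAIL, ST_EOF };

static char *pending;   /* one-slot tracker: long-name buffer not yet freed */
static char *name_alloc(void) { pending = malloc(32); if (!pending) abort(); return pending; }
static void name_free(char *p) { if (p) { free(p); pending = NULL; } }

/* Before: the bad-header path returns from inside the loop and skips the free. */
enum status read_header_leaky(const enum rec *r, size_t n) {
    char *next_long_name = NULL;
    for (size_t i = 0; i < n; i++) {
        if (r[i] == REC_BAD) return ST_FAIL;    /* next_long_name is lost here */
        if (r[i] == REC_FILE) { name_free(next_long_name); return ST_OK; }
        name_free(next_long_name);              /* a newer long name replaces the old */
        next_long_name = name_alloc();
    }
    name_free(next_long_name);
    return ST_EOF;
}

/* After: every path sets a status, leaves the loop, and passes the single free. */
enum status read_header_fixed(const enum rec *r, size_t n) {
    enum status st = ST_EOF;
    char *next_long_name = NULL;
    for (size_t i = 0; i < n; i++) {
        if (r[i] != REC_LONGNAME) { st = (r[i] == REC_BAD) ? ST_FAIL : ST_OK; break; }
        name_free(next_long_name);
        next_long_name = name_alloc();
    }
    name_free(next_long_name);
    return st;
}

/* Feeds a long-name record followed by a bad header; returns 1 if a buffer leaked. */
int leaks_on_bad_header(enum status (*fn)(const enum rec *, size_t)) {
    const enum rec archive[] = { REC_LONGNAME, REC_BAD };   /* constructed input */
    (void)fn(archive, 2);
    int leaked = (pending != NULL);
    free(pending); pending = NULL;              /* reclaim so the demo stays clean */
    return leaked;
}

int main(void) { printf("leaky=%d fixed=%d\n", leaks_on_bad_header(read_header_leaky), leaks_on_bad_header(read_header_fixed)); return 0; }
```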
Created tar tracking bugs for this issue:

Affects: fedora-all [bug 1917631]