An attacker who submits a crafted tar file with the size in the header struct being 0 may be able to trigger a call to malloc(0) for the variable gnu_longname, causing an out-of-bounds read. https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807
Created libtar tracking bugs for this issue: Affects: fedora-all [bug 2121300]
The security fixes in question seem to be available in this source RPM package: https://repo.openeuler.org/openEuler-22.03-LTS/update/source/Packages/libtar-1.2.20-21.oe2203.src.rpm
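For the malloc(0) condition in the description above, a defensive way to read a long-name payload is sketched here as an added example; it is not libtar's code and not the openEuler patch. The helper name `read_longname`, its parameters and the `MAX_LONGNAME` cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK 512u                  /* tar block size */
#define MAX_LONGNAME (64u * 1024u)  /* assumed sanity cap, not from the page */

/*
 * Hypothetical helper: copy a long-name payload of `size` bytes (the value
 * parsed from the header's size field) out of `data`, which holds `avail`
 * bytes of archive content following the header.
 * Returns a NUL-terminated heap string, or NULL if the entry is rejected.
 */
char *read_longname(const unsigned char *data, size_t avail, size_t size)
{
    /* A size of 0 would lead to a zero-length allocation, and treating
     * that buffer as a string afterwards reads out of bounds.
     * Reject the entry instead of allocating. */
    if (size == 0 || size > MAX_LONGNAME)
        return NULL;

    /* The payload occupies whole 512-byte blocks; all must be present. */
    size_t blocks = (size + BLOCK - 1) / BLOCK;
    if (blocks * BLOCK > avail)
        return NULL;

    /* One extra byte so the result is terminated even when the payload
     * itself carries no NUL. */
    char *name = malloc(size + 1);
    if (name == NULL)
        return NULL;
    memcpy(name, data, size);
    name[size] = '\0';
    return name;
}
```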