1691764 – (CVE-2019-9923) CVE-2019-9923 tar: null-pointer dereference in pax_decode_header in sparse.c

Bug 1691764 (CVE-2019-9923) - CVE-2019-9923 tar: null-pointer dereference in pax_decode_header in sparse.c

Summary: CVE-2019-9923 tar: null-pointer dereference in pax_decode_header in sparse.c

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2019-9923
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1691765 1692713 1692714
Blocks:	1691767
TreeView+	depends on / blocked

Reported:	2019-03-22 13:06 UTC by Dhananjay Arunesh
Modified:	2023-03-24 14:39 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-27 03:26:54 UTC

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2019-03-22 13:06:58 UTC

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

Reference:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241

Upstream commit:
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120

Comment 1 Dhananjay Arunesh 2019-03-22 13:07:13 UTC

Created tar tracking bugs for this issue:

Affects: fedora-all [bug 1691765]

Comment 3 Riccardo Schirone 2019-03-26 09:51:12 UTC

Function pax_decode_header() in sparse.c does not check if there is a next block before using it, thus some malformed tar files could cause an application crash.

Note You need to log in before you can comment on or make changes to this bug.