An attacker who submits a crafted tar file with the size field in the header struct set to 0 may be able to trigger a call to malloc(0) for the variable gnu_longlink, causing an out-of-bounds read.

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807
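The failure mode described above is a header whose size field parses to 0, so the entry-name buffer is allocated with malloc(0) and the bytes later copied into it land outside the allocation. The following is an added example (not libtar's code and not the fix shipped in the referenced packages) of the validation a tar reader should perform before allocating for a GNU long-link entry: parse the 12-byte octal size field at the standard ustar offset 124, check the type flag at offset 156 ('K' is the GNU long-link type), and refuse a size of zero or a size larger than the data actually available. The header and data blocks are constructed inline for the demonstration; the function names are this example's own.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Standard ustar header layout (POSIX.1-1988); these offsets are not assumptions. */
#define TAR_BLOCK    512
#define TAR_SIZE_OFF 124
#define TAR_SIZE_LEN 12
#define TAR_TYPE_OFF 156
#define TAR_TYPE_GNU_LONGLINK 'K'

/* Parse the octal size field. Returns -1 on a malformed field so the caller
 * can distinguish "zero" from "garbage"; both must be rejected for a longlink. */
long tar_header_size(const unsigned char hdr[TAR_BLOCK]) {
    long v = 0;
    for (int i = 0; i < TAR_SIZE_LEN; i++) {
        unsigned char c = hdr[TAR_SIZE_OFF + i];
        if (c == '\0' || c == ' ') break;          /* field is NUL/space terminated */
        if (c < '0' || c > '7') return -1;         /* not octal */
        if (v > (LONG_MAX >> 3)) return -1;        /* would overflow */
        v = (v << 3) | (long)(c - '0');
    }
    return v;
}

/* Hardened longlink read: never calls malloc(0) and never copies more than
 * data_len bytes. Returns a NUL-terminated copy on success, NULL (errno set)
 * on any header that does not describe a real, fully present link name. */
char *read_gnu_longlink(const unsigned char hdr[TAR_BLOCK],
                        const unsigned char *data, size_t data_len) {
    if (hdr[TAR_TYPE_OFF] != TAR_TYPE_GNU_LONGLINK) { errno = EINVAL; return NULL; }
    long sz = tar_header_size(hdr);
    if (sz <= 0 || (size_t)sz > data_len) { errno = EINVAL; return NULL; }  /* the size-0 case */
    char *buf = malloc((size_t)sz + 1);           /* +1 for the terminator, never zero */
    if (buf == NULL) return NULL;                 /* errno = ENOMEM from malloc */
    memcpy(buf, data, (size_t)sz);
    buf[sz] = '\0';
    return buf;
}

/* Build a constructed header block with the given octal size string and type flag. */
void make_header(unsigned char hdr[TAR_BLOCK], const char *octal_size, char type) {
    memset(hdr, 0, TAR_BLOCK);
    memcpy(hdr, "././@LongLink", 13);             /* name GNU tar uses for these entries */
    strncpy((char *)hdr + TAR_SIZE_OFF, octal_size, TAR_SIZE_LEN);
    hdr[TAR_TYPE_OFF] = (unsigned char)type;
}

/* Returns 1 when a longlink header claiming size 0 is rejected instead of allocated. */
int longlink_zero_size_is_rejected(void) {
    unsigned char hdr[TAR_BLOCK];
    const unsigned char body[TAR_BLOCK] = {0};    /* constructed, empty data block */
    make_header(hdr, "00000000000", TAR_TYPE_GNU_LONGLINK);
    return read_gnu_longlink(hdr, body, sizeof body) == NULL;
}

/* Returns 1 when a well-formed longlink header round-trips its link name. */
int longlink_valid_round_trips(void) {
    unsigned char hdr[TAR_BLOCK];
    const unsigned char body[TAR_BLOCK] = "some/path"; /* constructed, 9 bytes of data */
    make_header(hdr, "00000000011", TAR_TYPE_GNU_LONGLINK); /* octal 11 = 9 bytes */
    char *s = read_gnu_longlink(hdr, body, sizeof body);
    int ok = (s != NULL) && strcmp(s, "some/path") == 0;
    free(s);
    return ok;
}

int main(void) {
    printf("zero-size longlink rejected: %d\n", longlink_zero_size_is_rejected());
    printf("valid longlink round-trips:  %d\n", longlink_valid_round_trips());
    return 0;
}
```

The point of the `sz <= 0` test is that a zero-sized long-link entry carries no name, so there is nothing valid to allocate or copy; treating it as an error at parse time removes the malloc(0) path entirely, and bounding `sz` by the bytes actually present closes the companion over-read when the declared size exceeds the archive data.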
Created libtar tracking bugs for this issue:

Affects: fedora-all [bug 2121291]
The security fixes in question seem to be available in this source RPM package: https://repo.openeuler.org/openEuler-22.03-LTS/update/source/Packages/libtar-1.2.20-21.oe2203.src.rpm
(In reply to Sandipan Roy from comment #0)
> https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807

this returns 404 not found

do we have a reproducer?
In reply to comment #4:
> (In reply to Sandipan Roy from comment #0)
> > https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807
>
> this returns 404 not found
>
> do we have a reproducer?

I'm also seeing 404 now, I don't have any reproducer or test cases.
This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2023:2898 https://access.redhat.com/errata/RHSA-2023:2898
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-33643