2254067 – (CVE-2023-39804) CVE-2023-39804 tar: Incorrectly handled extension attributes in PAX archives can lead to a crash

Bug 2254067 (CVE-2023-39804) - CVE-2023-39804 tar: Incorrectly handled extension attributes in PAX archives can lead to a crash

Summary: CVE-2023-39804 tar: Incorrectly handled extension attributes in PAX archives ...

Keywords:
Status:	NEW
Alias:	CVE-2023-39804
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2254069
Blocks:	2254071
TreeView+	depends on / blocked

Reported:	2023-12-11 19:14 UTC by Zack Miele
Modified:	2025-01-03 08:27 UTC (History)
CC List:	25 users (show)
Fixed In Version:	tar 1.35
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Zack Miele 2023-12-11 19:14:01 UTC

It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could supply a specially crafted file and cause tar to crash, resulting in a denial of service.

Comment 1 Zack Miele 2023-12-11 19:22:35 UTC

Created tar tracking bugs for this issue:

Affects: fedora-all [bug 2254069]

Note You need to log in before you can comment on or make changes to this bug.

aarif
agarcial
aoconnor
aprice
asegurap
bdettelb
caswilli
dfreiber
dkuc
drow
fjansen
hkataria
jburrell
jmitchel
jsherril
jtanner
kaycoth
kshier
ljavorsk
mpierce
orabin
sthirugn
vkrizan
vkumar
vmugicag