CVE-2023-39804Stack-based Buffer Overflow in TAR

CWE-121Stack-based Buffer Overflow8 documents8 sources
Severity
6.2MEDIUMNVD
EPSS
0.0%
top 89.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU TAR
Timeline
PublishedMar 27

Description

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

NVDgnu/tar< 1.35
Debiangnu/tar< 1.34+dfsg-1+deb11u1+3

Patches

Patch: git.savannah.gnu.orgPatch: git.savannah.gnu.org

🔴Vulnerability Details

3
OSV
CVE-2023-39804: In GNU tar before 12024-03-27
GHSA
GHSA-5pvw-wf9w-xx8v: In GNU tar before 12024-03-27
CVEList
CVE-2023-39804: In GNU tar before 12024-03-27

📋Vendor Advisories

4
Microsoft
In GNU tar before 1.35 mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.2024-03-12
Ubuntu
GNU Tar vulnerability2023-12-11
Red Hat
tar: Incorrectly handled extension attributes in PAX archives can lead to a crash2023-12-11
Debian
CVE-2023-39804: tar - In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lea...2023
CVE-2023-39804 — Stack-based Buffer Overflow in GNU TAR | cvebase