Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-39804

Published: 27/03/2024 Updated: 27/03/2024

Vulnerability Summary

In GNU tar prior to 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.

Vulnerability Trend

Vendor Advisories

Debian CVElist Bug Report Logs: tar: CVE-2023-39804: Incorrectly handled extension attributes in PAX archives can lead to a crash
Debian Bug report logs - #1058079 tar: CVE-2023-39804: Incorrectly handled extension attributes in PAX archives can lead to a crash Package: src:tar; Maintainer for src:tar is Janos Lenart <ocsi@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 12 Dec 2023 06:45:02 UTC Severity: important ...
Amazon Linux 2: ALAS-2024-2390
It was discovered that tar incorrectly handled extended attributes in PAX archives An attacker could supply a specially crafted file and cause tar to crash, resulting in a denial of service (CVE-2023-39804) ...

References

https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079https://alas.aws.amazon.com/AL2/ALAS-2024-2390.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook