A stack overflow in GNU Tar
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tar (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
A stack overflow vulnerability exists in GNU Tar up to and including v1.34. As far as I can see, Ubuntu is using v1.3.
The bug exists in the function xattr_decoder() in xheader.c, where alloca() is used and it may overflow the stack if a sufficiently long xattr key is used. The vulnerability can be triggered when extracting a tar/pax archive that contains such a long xattr key.
Vulnerable code: https:/
PoC tar archive is attached in a zip archive to reduce the size.
I reported the vulnerability yesterday to GNU Tar maintainers and they replied that the issue was fixed in the version that was released two weeks ago:
"Sergey fixed that bug here:
https:/
and the fix appears in tar 1.35, released July 18."
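The pattern described in the report above, shown as an added illustration that is not part of the original report and is not GNU Tar's code: an `alloca()` copy sized by an archive-supplied keyword, next to a bounded heap copy. The function names, the `SCHILY.xattr.` pax prefix, the 255-byte cap and the constructed inputs are assumptions of this sketch, and the upstream fix may differ.

```c
#include <alloca.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define PREFIX  "SCHILY.xattr."  /* pax keyword prefix for xattr records */
#define KEY_MAX 255              /* assumed cap (Linux XATTR_NAME_MAX) */

/* Unsafe: the copy is sized by archive data and alloca() has no failure
   path, so a huge keyword pushes the stack pointer outside the stack. */
size_t key_len_unsafe(const char *keyword)  /* keyword starts with PREFIX */
{
    size_t len = strlen(keyword);
    char *copy = alloca(len + 1);           /* attacker-sized allocation */
    memcpy(copy, keyword, len + 1);
    return strlen(copy + strlen(PREFIX));
}

/* Hardened: check the prefix, bound the key, copy to the heap where failure
   is reported. Returns a malloc'd key (caller frees) or NULL if rejected. */
char *key_copy_safe(const char *keyword)
{
    size_t plen = strlen(PREFIX), klen = 0;
    if (strncmp(keyword, PREFIX, plen) != 0) return NULL;
    const char *key = keyword + plen;
    while (klen <= KEY_MAX && key[klen] != '\0') klen++;  /* bounded scan */
    if (klen == 0 || klen > KEY_MAX) return NULL;
    char *copy = calloc(1, klen + 1);       /* zeroed, so already terminated */
    if (copy != NULL) memcpy(copy, key, klen);
    return copy;
}

/* Constructed input: PREFIX + n bytes of 'A'; returns 1 if accepted, else 0. */
int accepts_key_of_len(size_t n)
{
    size_t plen = strlen(PREFIX);
    char *kw = calloc(1, plen + n + 1);
    if (kw == NULL) return 0;
    memset(kw, 'A', plen + n);
    memcpy(kw, PREFIX, plen);
    char *copy = key_copy_safe(kw);
    int ok = (copy != NULL);
    free(copy); free(kw);
    return ok;
}

int main(void)
{
    /* Exit status is nonzero only if the output itself fails. */
    return printf("%d %d\n", accepts_key_of_len(KEY_MAX), accepts_key_of_len(8u << 20)) < 0;
}
```

The unsafe function is only ever called here with a short keyword; the oversized constructed keyword goes through the hardened path, which rejects it before any copy is made.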
Hey,
Thanks for taking the time to report this bug and helping to make Ubuntu better.
Do you know if this issue ever got a CVE assigned?
Also, are you OK with me making this bug public since the fix is already public and released?