NULL Pointer Dereference Affecting tar package, versions *

Although NVD CVSS Score is: 7.5 (High severity), when available we recommend using the distro's own rating score.

Attack Complexity

Low
Availability

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-UBUNTU2204-TAR-2791257
published

22 Mar 2019
disclosed

22 Mar 2019

Report a new vulnerability Found a mistake?

Introduced: 22 Mar 2019

CVE-2019-9923 Open this link in a new tab CWE-476 Open this link in a new tab

How to fix?

There is no fixed version for Ubuntu:22.04 tar.

NVD Description

Note: Versions mentioned in the description apply to the upstream tar package.

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

References

Debian Security Tracker
MISC
MISC
MISC
MLIST
MLIST
OpenSuse Security Announcement
Ubuntu CVE Tracker

NULL Pointer Dereference Affecting tar package, versions *

Attack Complexity

Availability

snyk-id

published

disclosed

Introduced: 22 Mar 2019

How to fix?

NVD Description

References