3.9 LOW
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): None (N)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): Low (L)
Activity log
- Created suggestion
Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system.
References
Affected products
Matching in nixpkgs
Package maintainers
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@minijackson Rémi Nicole <minijackson@riseup.net>
-
@cpages Carles Pagès <page@ruiec.cat>
-
@aanderse Aaron Andersen <aaron@fosslib.net>
-
@dschrempf Dominik Schrempf <dominik.schrempf@gmail.com>
-
@nvmd Sergey Kazenyuk <kazenyuk@pm.me>
-
@jcumming Jack Cummings <jack@mudshark.org>
-
@TomaSajt TomaSajt