CVE-2018-20482
Published: Dec 26, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| [debian-lts-announce] 20181231 [SECURITY] [DLA 1623-1] tar security update | mailing-list | x_refsource_MLIST |
| https://news.ycombinator.com/item?id=18745431 | | x_refsource_MISC |
| 106354 | vdb-entry | x_refsource_BID |
| GLSA-201903-05 | vendor-advisory | x_refsource_GENTOO |
| http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html | | x_refsource_MISC |
| https://twitter.com/thatcks/status/1076166645708668928 | | x_refsource_MISC |
| openSUSE-SU-2019:1237 | vendor-advisory | x_refsource_SUSE |
| [debian-lts-announce] 20211128 [SECURITY] [DLA 2830-1] tar security update | mailing-list | x_refsource_MLIST |