Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2019-9923

Published: March 22, 2019Last modified: November 9, 2023

Description

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

Severity score breakdown

ParameterValue
Base score7.5
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTStarNot affected (1.34-r2)
StreamtarNot affected (1.35-r2)

References

ON THIS PAGE