> Do you know if this issue ever got a CVE assigned?
I requested a CVE from MITRE today, awaiting a response.
> Also are you ok with me making this bug public since the fix is already
public and released?
Sure, go ahead.
Thanks,
Bahaa
On Thu, Aug 3, 2023 at 6:44 PM Eduardo Barretto <email address hidden>
wrote:
> Hey,
>
> Thanks for taking the time to report this bug and helping to make Ubuntu
> better.
> Do you know if this issue ever got a CVE assigned?
> Also are you ok with me making this bug public since the fix is already
> public and released?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/2029464
>
> Title:
> A stack overflow in GNU Tar
>
> Status in tar package in Ubuntu:
> New
>
> Bug description:
> A stack overflow vulnerability exists in GNU Tar up to including v1.34,
> as far as I can see, Ubuntu is using v1.3.
> The bug exists in the function xattr_decoder() in xheader.c, where
> alloca() is used and it may overflow the stack if a sufficiently long xattr
> key is used. The vulnerability can be triggered when extracting a tar/pax
> archive that contains such a long xattr key.
>
> Vulnerable code:
>
> https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723
>
> PoC tar archive is attached in a zip archive to reduce the size.
>
> I reported the vulnerability yesterday to GNU Tar maintainers and they
> replied that the issue was fixed in the version that was released two
> weeks ago:
>
>
> "Sergey fixed that bug here:
>
>
> https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4
>
> and the fix appears in tar 1.35, released July 18.
> "
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464/+subscriptions
>
>
Hi,
> Do you know if this issue ever got a CVE assigned?
I requested a CVE from MITRE today, awaiting a response.
> Also are you ok with me making this bug public since the fix is already
public and released?
Sure, go ahead.
Thanks,
Bahaa
On Thu, Aug 3, 2023 at 6:44 PM Eduardo Barretto <email address hidden>
wrote:
> Hey, /bugs.launchpad .net/bugs/ 2029464 /git.savannah. gnu.org/ cgit/tar. git/tree/ src/xheader. c?h=release_ 1_34#n1723 /git.savannah. gnu.org/ cgit/tar. git/commit/ ?id=a339f05cd26 9013fa133d2f148 d73f6f7d4247e4 /bugs.launchpad .net/ubuntu/ +source/ tar/+bug/ 2029464/ +subscriptions
>
> Thanks for taking the time to report this bug and helping to make Ubuntu
> better.
> Do you know if this issue ever got a CVE assigned?
> Also are you ok with me making this bug public since the fix is already
> public and released?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> A stack overflow in GNU Tar
>
> Status in tar package in Ubuntu:
> New
>
> Bug description:
> A stack overflow vulnerability exists in GNU Tar up to including v1.34,
> as far as I can see, Ubuntu is using v1.3.
> The bug exists in the function xattr_decoder() in xheader.c, where
> alloca() is used and it may overflow the stack if a sufficiently long xattr
> key is used. The vulnerability can be triggered when extracting a tar/pax
> archive that contains such a long xattr key.
>
> Vulnerable code:
>
> https:/
>
> PoC tar archive is attached in a zip archive to reduce the size.
>
> I reported the vulnerability yesterday to GNU Tar maintainers and they
> replied that the issue was fixed in the version that was released two
> weeks ago:
>
>
> "Sergey fixed that bug here:
>
>
> https:/
>
> and the fix appears in tar 1.35, released July 18.
> "
>
> To manage notifications about this bug go to:
> https:/
>
>