Memory Leak GNU Tar 1.33
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tar (Ubuntu) | Fix Released | Low | Unassigned |
Trusty | Fix Released | Undecided | Unassigned |
Xenial | Fix Released | Undecided | Unassigned |
Bionic | Fix Released | Undecided | Unassigned |
Focal | Fix Released | Undecided | Unassigned |
Bug Description
An issue was discovered in GNU Tar 1.33 and earlier. There is a memory leak in read_header() in list.c in the tar application. Occasionally, ASAN detects an out-of-bounds memory read. Valgrind confirms the memory leak in the standard tar tool installed by default. This degrades the availability of the tar tool, and could potentially result in other memory-related issues.
Common Weakness Enumeration IDs for reference:
CWE-401: Missing Release of Memory after Effective Lifetime
CWE-125: Out-of-bounds Read
Attached to this report is a PoC malcrafted file "1311745-
VALGRIND OUTPUT:
valgrind tar -xf 1311745-
==3776== Memcheck, a memory error detector
==3776== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3776== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==3776== Command: tar -xf output/
==3776==
tar: Unexpected EOF in archive
tar: Exiting with failure status due to previous errors
==3776==
==3776== HEAP SUMMARY:
==3776== in use at exit: 1,311,761 bytes in 2 blocks
==3776== total heap usage: 52 allocs, 50 frees, 1,349,212 bytes allocated
==3776==
==3776== LEAK SUMMARY:
==3776== definitely lost: 1,311,745 bytes in 1 blocks
...
NOTE: Version 1.30, 1.32, 1.33 were tested and confirmed to be vulnerable.
lsb_release -rd
Description: Ubuntu 20.04.1 LTS
Release: 20.04
apt-cache policy tar
tar:
Installed: 1.30+dfsg-
Candidate: 1.30+dfsg-
---
Carlos
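An added example, not part of the original report or of GNU tar: a small Python parser that turns the Memcheck summary quoted above into a pass/fail leak check, for instance to re-run after the fixed package is installed. The function names and the zero-byte threshold are assumptions; the sample text is the summary from the report.

```python
import re

# Sample input: the Memcheck summary lines quoted in the report above.
SAMPLE = """\
==3776== HEAP SUMMARY:
==3776== in use at exit: 1,311,761 bytes in 2 blocks
==3776== total heap usage: 52 allocs, 50 frees, 1,349,212 bytes allocated
==3776==
==3776== LEAK SUMMARY:
==3776== definitely lost: 1,311,745 bytes in 1 blocks
"""

NUM = r"([\d,]+)"
IN_USE = re.compile(rf"in use at exit: {NUM} bytes in {NUM} blocks")
USAGE = re.compile(rf"total heap usage: {NUM} allocs, {NUM} frees, {NUM} bytes allocated")
LOST = re.compile(rf"(definitely|indirectly|possibly) lost: {NUM} bytes in {NUM} blocks")


def to_int(s):
    return int(s.replace(",", ""))  # Memcheck prints thousands separators


def parse_memcheck(text):
    """Extract heap and leak counters from Memcheck summary lines."""
    summary = {"lost": {}}
    for line in text.splitlines():
        if m := IN_USE.search(line):
            summary["in_use_bytes"], summary["in_use_blocks"] = map(to_int, m.groups())
        elif m := USAGE.search(line):
            summary["allocs"], summary["frees"], summary["allocated"] = map(to_int, m.groups())
        elif m := LOST.search(line):
            summary["lost"][m.group(1)] = (to_int(m.group(2)), to_int(m.group(3)))
    return summary


def triage(summary, max_definite_bytes=0):
    """Return (is_leak, details); the threshold is an assumed CI policy."""
    lost_bytes, lost_blocks = summary["lost"].get("definitely", (0, 0))
    allocated = summary.get("allocated", 0)
    details = {
        "definitely_lost_bytes": lost_bytes,
        "definitely_lost_blocks": lost_blocks,
        # Blocks never freed; should match the "in use at exit" block count.
        "unfreed_blocks": summary.get("allocs", 0) - summary.get("frees", 0),
        # Bytes still held at exit that are not part of the definite leak.
        "other_in_use_bytes": summary.get("in_use_bytes", 0) - lost_bytes,
        # Share of everything the process ever allocated that was leaked.
        "lost_share": round(lost_bytes / allocated, 3) if allocated else 0.0,
    }
    return lost_bytes > max_definite_bytes, details
```

On the reported run this shows that the single lost block accounts for almost all memory the process ever allocated, and that only 16 bytes of the heap still in use at exit fall outside it.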
CVE References
Changed in tar (Ubuntu):
importance: Undecided → Low
tags: added: focal; removed: security tar
Changed in tar (Ubuntu):
status: New → Triaged
Update
This vulnerability has been discussed with the developer.
Developer has released a public fix.
Original Post in GNU TAR Project: https://savannah.gnu.org/bugs/?59897
Commit with fix: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
This thread can go public now.