This bug was fixed in the package tar - 1.34+dfsg-1.2ubuntu2
---
tar (1.34+dfsg-1.2ubuntu2) noble; urgency=medium
* SECURITY UPDATE: stack overflow via crafted xattr (LP: #2029464)
- debian/patches/CVE-2023-39804.patch: allocate xattr keys and values
on the heap rather tha
Actually I just got it working - no need to send PoC @kerneldude - I
made my own.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/2029464
Title:
A stack overflow in GNU Tar
St
So I managed to create a tar file with an extended attribute name of
length of ~ 36 bytes long (the largest I can do without exceeding
the existing check on maximum extended header lengths it seems) but this
is not able to trigger the vuln - so if you are able to share your PoC
that would be gr
@kerneldude - any chance you could share your poc (perhaps email it to
secur...@ubuntu.com rather than post it publicly here)? I have tried
creating one via the following but I hit the CLI args limit before I can
get an xattr key long enough:
touch bar
tar --pax-option SCHILY.xattr.user.$(python3
Excellent - thanks for letting us know. So since a CVE has already been
assigned then we won't assign an additional one. I'll add the details to
our CVE tracker.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tar in Ubuntu.
h
Yes, they reserved one, but with no details:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39804
Feel free to assign a different one with information about the issue, or
update the already reserved CVE number.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-39804
--
@kerneldude - do you know if MITRE ever assigned a CVE for this?
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/b
7 matches
Mail list logo