Loop with Unreachable Exit Condition ('Infinite Loop') Affecting tar package, versions <1.29b-1.1+deb9u1
- Snyk ID SNYK-DEBIAN9-TAR-312293
- published 26 Dec 2018
- disclosed 26 Dec 2018
Introduced: 26 Dec 2018
CVE-2018-20482
How to fix?
Upgrade Debian:9 tar to version 1.29b-1.1+deb9u1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Debian. See How to fix? for Debian:9 relevant fixed versions and status.
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).
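
The failure mode described above, shown as an added example that is not GNU tar's code and not part of the original advisory: a simplified C model of a region-copy loop that trusts a previously recorded size, with the end-of-file check that stops it from spinning once the file has shrunk. The function names and the 4096/100-byte scenario are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of copying a file region whose size was recorded earlier.
   Not GNU tar's code; names are hypothetical. Returns bytes actually read,
   or -1 on I/O error; *padded gets the count of missing bytes to zero-fill. */
static long dump_region(FILE *fp, size_t expected, size_t *padded)
{
    char buf[512];
    size_t left = expected;
    long got = 0;

    *padded = 0;
    while (left > 0) {
        size_t want = left < sizeof buf ? left : sizeof buf;
        size_t n = fread(buf, 1, want, fp);
        if (n == 0) {
            if (ferror(fp))
                return -1;
            /* EOF before `expected` bytes: the file shrank. Without this
               branch, `left` never decreases and the loop spins forever. */
            *padded = left;
            break;
        }
        got += (long)n;
        left -= n;
    }
    return got;
}

/* Constructed scenario: size recorded as 4096, only 100 bytes remain on disk. */
static long demo_shrunk_file(size_t *padded)
{
    char data[100];
    FILE *fp = tmpfile();
    long got;

    if (fp == NULL)
        return -1;
    memset(data, 'A', sizeof data);
    if (fwrite(data, 1, sizeof data, fp) != sizeof data) { fclose(fp); return -1; }
    rewind(fp);
    got = dump_region(fp, 4096, padded);
    fclose(fp);
    return got;
}

int main(void)
{
    size_t padded;
    long got = demo_shrunk_file(&padded);
    printf("read %ld bytes, padded %zu\n", got, padded);
    return got == 100 ? 0 : 1;
}
```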