CVE-2018-20482 Information

Description

GNU Tar through 1.30 when –sparse is used mishandles file shrinkage during read access which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user’s process (e.g. a system backup running as root).

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454 http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html http://www.securityfocus.com/bid/106354 https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html https://news.ycombinator.com/item?id=18745431 https://security.gentoo.org/glsa/201903-05 https://twitter.com/thatcks/status/1076166645708668928 https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

4.7