BID:106354

GNU Tar CVE-2018-20482 Denial of Service Vulnerability

CVE-2018-20482 |

Info

GNU Tar CVE-2018-20482 Denial of Service Vulnerability

Bugtraq ID:	106354
Class:	Boundary Condition Error
CVE:	CVE-2018-20482
Remote:	Yes
Local:	No
Published:	Dec 27 2018 12:00AM
Updated:	Dec 27 2018 12:00AM
Credit:	Chris Siebenmann
Vulnerable:	GNU tar 1.15.91 GNU tar 1.15.90 GNU tar 1.15.1 GNU tar 1.14.90 GNU tar 1.13.25 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.2 + HP Secure OS software for Linux 1.0 + MandrakeSoft Corporate Server 1.0.1 + MandrakeSoft Single Network Firewall 7.2 + Mandriva Linux Mandrake 9.0 + Mandriva Linux Mandrake 8.2 ppc + Mandriva Linux Mandrake 8.2 + Mandriva Linux Mandrake 8.1 ia64 + Mandriva Linux Mandrake 8.1 + Mandriva Linux Mandrake 8.0 ppc + Mandriva Linux Mandrake 8.0 + Mandriva Linux Mandrake 7.2 + Mandriva Linux Mandrake 7.1 + Redhat Linux 7.3 i386 + Redhat Linux 7.3 + Redhat Linux 7.2 ia64 + Redhat Linux 7.2 i386 + Redhat Linux 7.2 alpha + Redhat Linux 7.2 + Redhat Linux 7.1 ia64 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 alpha + Redhat Linux 7.1 + Redhat Linux 7.0 sparc + Redhat Linux 7.0 i386 + Redhat Linux 7.0 alpha + Redhat Linux 7.0 + Redhat Linux 6.2 sparc + Redhat Linux 6.2 i386 + Redhat Linux 6.2 alpha + Redhat Linux 6.2 + Sun Linux 5.0 GNU tar 1.13.19 + Redhat Linux 6.2 sparc + Redhat Linux 6.2 i386 + Redhat Linux 6.2 alpha + Redhat Linux 6.2 + Sun Cobalt Qube 3 + Sun Cobalt RaQ 3 + Sun Cobalt RaQ 4 + Sun Cobalt RaQ 550 + Sun Cobalt RaQ XTR + Sun Linux 5.0.6 + Sun Linux 5.0.5 + Sun Linux 5.0.3 + Sun Linux 5.0 GNU tar 1.13.18 GNU tar 1.13.17 GNU tar 1.13.16 GNU tar 1.13.14 GNU tar 1.13.11 GNU tar 1.13.5 GNU tar 1.13 GNU tar 1.30 GNU tar 1.29 GNU tar 1.23 GNU tar 1.22 GNU tar 1.16 GNU tar 1.15 GNU tar 1.14 GNU tar 0

Not Vulnerable:

Discussion

GNU Tar CVE-2018-20482 Denial of Service Vulnerability

GNU Tar is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to cause denial-of-service condition, denying service to legitimate users.

GNU Tar 1.30 and prior versions are vulnerable.

Solution / Fix

GNU Tar CVE-2018-20482 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.