CVE-2013-4397 – libtar: Heap-based buffer overflows by expanding a specially-crafted archive

https://notcve.org/view.php?id=CVE-2013-4397

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow. Múltiples desbordamientos de entero en la función the_read de lib/block.c en libtar anterior a 1.2.20 permite a atacantes remotos causar una dengación de servicio (crash) y posiblemente ejecuta código de forma arbitraria a través de un largo (1) nombre o (2) enlace en un archivo, lo que dispara un desbordamiento de buffer (heap) • http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04 http://rhn.redhat.com/errata/RHSA-2013-1418.html http://secunia.com/advisories/55188 http://secunia.com/advisories/55253 http://www.debian.org/security/2013/dsa-2817 http://www.openwall.com/lists/oss-security/2013/10/10/4 http://www.openwall.com/lists/oss-security/2013/10/10/6 http://www.securityfocus.com/bid/62922 http://www.securitytracker.com/id/1029166 http://www.securitytracker.com/i • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •