CVE-2018-20482

Ubuntu Security Notice USN-4692-1

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

GNU Tar, hasta la versión 1.30, cuando se emplea --sparse, gestiona de manera incorrecta el encogimiento de archivos durante el acceso de lectura, lo que permite que usuarios locales provoquen una denegación de servicio (bucle infinito de lectura en sparse_dump_region en sparse.c) modificando un archivo que debería ser archivado por el proceso de un usuario diferente (por ejemplo, un backup del sistema que se ejecuta como root).

Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Daniel Axtens discovered that tar incorrectly handled certain malformed tar files. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to cause tar to crash, resulting in a denial of service. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-12-26 CVE Reserved
2018-12-26 CVE Published
2024-08-05 CVE Updated
2024-08-05 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CAPEC

References (10)

URL	Tag	Source
http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html	Third Party Advisory
http://www.securityfocus.com/bid/106354	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html	Mailing List
https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html	Mailing List

URL	Date	SRC
https://news.ycombinator.com/item?id=18745431	2024-08-05

URL	Date	SRC
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454	2021-11-30
https://twitter.com/thatcks/status/1076166645708668928	2021-11-30
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug	2021-11-30

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html	2021-11-30
https://security.gentoo.org/glsa/201903-05	2021-11-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"		Tar Search vendor "Gnu" for product "Tar"				<= 1.30 Search vendor "Gnu" for product "Tar" and version " <= 1.30"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.0 Search vendor "Opensuse" for product "Leap" and version "15.0"		-		Affected