CVE-2018-20482
Summary
- Severity Score: -
- Exploit Likelihood: -
- Affected Versions: -
- Public Exploits: 1
- Exploited in Wild: -
- Decision: -
Descriptions
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).
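The loop shape the description points at, as an added example written for this page (it is not tar's source and not the upstream fix): a region-dump loop that exits only once the byte count taken at stat() time has been consumed, beside a variant that treats a zero-length read as "file shrank". The names dump_region_vulnerable, dump_region_fixed, run_shrink_scenario and the SPIN_LIMIT guard are all devices of this example; the real loop has no such guard, which is why it never returns. The scenario stages the race deterministically in one process by truncating the file between fstat() and the first read(), which is exactly the state a local user creates by shrinking a file that a root backup has already sized.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Added illustration, not tar's code: a region dump that trusts the size
 * recorded at stat() time and reads until that many bytes are consumed. */

enum dump_result {
    DUMP_OK = 0,          /* region copied in full */
    DUMP_READ_ERROR = -1, /* read()/setup failure */
    DUMP_SHRANK = -2,     /* EOF before the recorded size (hardened loop) */
    DUMP_SPUN = -3        /* demo guard tripped: unguarded loop never exits */
};

#define BUFSZ 512
#define SPIN_LIMIT 1000   /* demo instrumentation only; the bug has no bound */

/* Vulnerable pattern: read() returning 0 (EOF because the file shrank)
 * leaves bytes_left untouched, so the loop condition never turns false. */
static enum dump_result dump_region_vulnerable(int fd, off_t expected, off_t *dumped)
{
    char buf[BUFSZ];
    off_t bytes_left = expected;
    long spins = 0;

    *dumped = 0;
    while (bytes_left > 0) {
        size_t want = bytes_left < (off_t)BUFSZ ? (size_t)bytes_left : BUFSZ;
        ssize_t n = read(fd, buf, want);
        if (n < 0)
            return DUMP_READ_ERROR;
        if (n == 0 && ++spins >= SPIN_LIMIT)
            return DUMP_SPUN;   /* stand-in for "loops forever" */
        bytes_left -= n;
        *dumped += n;
    }
    return DUMP_OK;
}

/* Hardened pattern: a zero-length read while bytes_left > 0 means the file
 * was shrunk after it was sized; report that and stop instead of spinning. */
static enum dump_result dump_region_fixed(int fd, off_t expected, off_t *dumped)
{
    char buf[BUFSZ];
    off_t bytes_left = expected;

    *dumped = 0;
    while (bytes_left > 0) {
        size_t want = bytes_left < (off_t)BUFSZ ? (size_t)bytes_left : BUFSZ;
        ssize_t n = read(fd, buf, want);
        if (n < 0)
            return DUMP_READ_ERROR;
        if (n == 0)
            return DUMP_SHRANK;
        bytes_left -= n;
        *dumped += n;
    }
    return DUMP_OK;
}

/* Stages the race outcome deterministically: create a constructed temp file
 * of `initial` bytes, size it the way the archiver does, truncate it to
 * `shrunk_to` (the other user's write), then run the chosen dump loop. */
static enum dump_result run_shrink_scenario(int use_fixed, off_t initial,
                                            off_t shrunk_to, off_t *dumped)
{
    char path[] = "/tmp/cve-2018-20482-demo-XXXXXX";
    char chunk[BUFSZ];
    struct stat st;
    off_t written = 0;
    enum dump_result r;
    int fd = mkstemp(path);

    *dumped = 0;
    if (fd < 0)
        return DUMP_READ_ERROR;
    unlink(path);
    memset(chunk, 'A', sizeof chunk);
    while (written < initial) {
        off_t rem = initial - written;
        size_t want = rem < (off_t)BUFSZ ? (size_t)rem : BUFSZ;
        if (write(fd, chunk, want) != (ssize_t)want) {
            close(fd);
            return DUMP_READ_ERROR;
        }
        written += want;
    }
    if (fstat(fd, &st) != 0 || ftruncate(fd, shrunk_to) != 0 ||
        lseek(fd, 0, SEEK_SET) != 0) {
        close(fd);
        return DUMP_READ_ERROR;
    }
    r = use_fixed ? dump_region_fixed(fd, st.st_size, dumped)
                  : dump_region_vulnerable(fd, st.st_size, dumped);
    close(fd);
    return r;
}

int main(void)
{
    off_t dumped;
    enum dump_result r = run_shrink_scenario(0, 4096, 1024, &dumped);
    printf("unguarded loop, 4096 -> 1024: result %d after %lld bytes\n", (int)r, (long long)dumped);
    r = run_shrink_scenario(1, 4096, 1024, &dumped);
    printf("hardened loop, 4096 -> 1024: result %d after %lld bytes\n", (int)r, (long long)dumped);
    return 0;
}
```

Build with `cc -o shrink-demo shrink-demo.c` and run it: the unguarded loop only returns because of the demo's SPIN_LIMIT, while the hardened loop reports the shrinkage after the 1024 bytes that still exist. For a deployed backup the practical check is the same two facts the description gives: `tar --version` at 1.30 or lower, and `--sparse` on a job that runs as root over files other local users can write.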
CVSS Scores
SSVC
- Decision: -
Timeline
- 2018-12-26 CVE Reserved
- 2018-12-26 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (10)
URL | Tag | Source
---|---|---
http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html | Third Party Advisory | -
http://www.securityfocus.com/bid/106354 | Third Party Advisory | -
https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html | Mailing List | -
https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html | Mailing List | -

URL | Date | SRC
---|---|---
https://news.ycombinator.com/item?id=18745431 | 2024-08-05 | -

URL | Date | SRC
---|---|---
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html | 2021-11-30 | -
https://security.gentoo.org/glsa/201903-05 | 2021-11-30 | -
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Gnu | Tar | <= 1.30 | - | Affected
Debian | Debian Linux | 8.0 | - | Affected
Debian | Debian Linux | 9.0 | - | Affected
Opensuse | Leap | 15.0 | - | Affected