Lucene search

K
cveMitreCVE-2018-20482
HistoryDec 26, 2018 - 6:29 p.m.

CVE-2018-20482

2018-12-2618:29:00
CWE-835
mitre
web.nvd.nist.gov
336
gnu tar
cve-2018-20482
nvd
file shrinkage
denial of service
sparse_dump_region

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

4.5

Confidence

High

EPSS

0

Percentile

5.1%

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user’s process (e.g., a system backup running as root).

Affected configurations

Nvd
Node
gnutarRange1.30
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
Node
opensuseleapMatch15.0
VendorProductVersionCPE
gnutarcpe:/a:gnu:tar::::

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

4.5

Confidence

High

EPSS

0

Percentile

5.1%