Tar is vulnerable to Denial of Service (DoS). The vulnerability is caused by a defect in the function xattr_decoder() in xheader.c, where a sufficiently long xattr key may overflow the stack because alloca() is used for the allocation. An attacker can trick a user into processing a malicious archive, causing the application to crash and resulting in Denial of Service (DoS).
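
The weak pattern described above, next to a hardened form, as an added example that is not tar's own code. The function names and the MAX_XATTR_KEY limit are assumptions made for illustration; "SCHILY.xattr." is the pax keyword prefix for extended attributes.

```c
#include <alloca.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define XATTR_PREFIX "SCHILY.xattr."
#define MAX_XATTR_KEY 65536 /* assumed policy limit, not a value from tar */

/* Weak pattern: a scratch buffer sized by archive-controlled data lives on
   the stack. alloca() cannot report failure, so an oversized key moves the
   stack pointer beyond the stack limit and the process crashes. */
size_t key_suffix_len_alloca(const char *keyword)
{
    size_t plen = strlen(XATTR_PREFIX);
    size_t len = strlen(keyword);
    char *copy = alloca(len + 1);           /* unbounded stack allocation */
    memcpy(copy, keyword, len + 1);
    if (strncmp(copy, XATTR_PREFIX, plen) != 0)
        return 0;
    return strlen(copy + plen);
}

/* Hardened pattern: bounded length, heap allocation, checked failure.
   Returns a malloc'd copy of the attribute name (caller frees), or NULL
   if the keyword lacks the prefix, is too long, or memory is exhausted. */
char *key_suffix_heap(const char *keyword)
{
    size_t plen = strlen(XATTR_PREFIX);
    size_t len = strlen(keyword);
    if (len > MAX_XATTR_KEY)
        return NULL;                        /* reject instead of crashing */
    if (len < plen || memcmp(keyword, XATTR_PREFIX, plen) != 0)
        return NULL;
    char *name = malloc(len - plen + 1);
    if (name == NULL)
        return NULL;                        /* failure is visible to caller */
    memcpy(name, keyword + plen, len - plen + 1);
    return name;
}

int main(void)
{
    /* Constructed sample keyword, not taken from a real archive. */
    char *name = key_suffix_heap("SCHILY.xattr.user.mime");
    printf("%s\n", name ? name : "(rejected)");
    free(name);
    return 0;
}
```

The hardened variant turns an oversized key into an error the caller can handle, which is the property the alloca() version lacks.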