CVE-2023-39804

Public on 2023-12-14
Modified on 2024-02-10
Description

It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could supply a specially crafted file and cause tar to crash, resulting in a denial of service.

Severity
Low
CVSS v3 Base Score
2.8

Affected Packages

Platform              | Package | Release Date | Advisory
Amazon Linux 2 - Core | tar     | 2024-01-09   | ALAS2-2024-2390
Amazon Linux 2023     | tar     | 2024-01-08   | ALAS2023-2024-475

CVSS Scores

Score Type          | Score | Vector
Amazon Linux CVSSv3 | 2.8   | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L