Vulnerabilities > CVE-2019-9923 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Gnu
| 39 |
OS | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0228_TAR.NASL description An update of the tar package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 124868 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124868 title Photon OS 1.0: Tar PHSA-2019-1.0-0228 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1347.NASL description According to the version of the tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - tar: null-pointer dereference in pax_decode_header in sparse.c.(CVE-2019-9923) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-05-06 plugin id 124633 published 2019-05-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124633 title EulerOS 2.0 SP5 : tar (EulerOS-SA-2019-1347) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1237.NASL description This update for tar fixes the following issues : Security issues fixed : - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the last seen 2020-06-01 modified 2020-06-02 plugin id 124188 published 2019-04-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124188 title openSUSE Security Update : tar (openSUSE-2019-1237) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1600.NASL description According to the version of the tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - tar: null-pointer dereference in pax_decode_header in sparse.c.(CVE-2019-9923) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-05-29 plugin id 125527 published 2019-05-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125527 title EulerOS 2.0 SP2 : tar (EulerOS-SA-2019-1600) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0926-1.NASL description This update for tar fixes the following issues : Security issues fixed : CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). CVE-2018-20482: Fixed a denial of service when the last seen 2020-06-01 modified 2020-06-02 plugin id 123995 published 2019-04-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123995 title SUSE SLED15 / SLES15 Security Update : tar (SUSE-SU-2019:0926-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0154_TAR.NASL description An update of the tar package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 125080 published 2019-05-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125080 title Photon OS 2.0: Tar PHSA-2019-2.0-0154 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1624.NASL description According to the version of the tar package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.(CVE-2019-9923) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125576 published 2019-05-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125576 title EulerOS Virtualization for ARM 64 3.0.2.0 : tar (EulerOS-SA-2019-1624) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1601.NASL description According to the version of the tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - tar: null-pointer dereference in pax_decode_header in sparse.c.(CVE-2019-9923) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-05-29 plugin id 125528 published 2019-05-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125528 title EulerOS 2.0 SP3 : tar (EulerOS-SA-2019-1601) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1366.NASL description According to the version of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.(CVE-2019-9923) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124744 published 2019-05-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124744 title EulerOS Virtualization 2.5.3 : tar (EulerOS-SA-2019-1366) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1608.NASL description According to the version of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.(CVE-2019-9923) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125560 published 2019-05-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125560 title EulerOS Virtualization 3.0.1.0 : tar (EulerOS-SA-2019-1608)
References
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
- http://savannah.gnu.org/bugs/?55369
- https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
- http://savannah.gnu.org/bugs/?55369
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html