CVE-2023-39804

MEDIUM

GNU tar < 1.35 - Denial of Service via PAX Archive Extension Attributes

Title source: llm

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.

Core 4

Core References

Mailing List

Patch

Product

Mailing List

CVSS v3 6.2

EPSS 0.0004

EPSS Percentile 10.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Status published

Products (1)

gnu/tar < 1.35

Published Mar 27, 2024

Tracked Since Feb 18, 2026