Heap buffer overflow in coalesce

bug-tar

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Heap buffer overflow in coalesce_segment

From:	Kenneth Salt
Subject:	Heap buffer overflow in coalesce_segment
Date:	Wed, 1 Nov 2023 18:55:22 -0300

tar.1.35 has a heap buffer overflow vulnerability when splitting words through the wordsplit library.

reproduction case: ./tar1.35 --group-map=<(python3 -c 'print("\x27\x27\x3f\x3f"+"A"*4035)')
The changes in coalesce_segment from 1.34 to 1.35 cause the above testcase to memcpy into a length one buffer without checking boundaries.

Thanks

Kenneth&Rutvik

[Prev in Thread]

Current Thread

[Next in Thread]

Heap buffer overflow in coalesce_segment, Kenneth Salt <=

Prev by Date: Re: Possible Memcpy and write out of bounds error in Wordsplit.
Previous by thread: Possible Memcpy and write out of bounds error in Wordsplit.
Index(es):
- Date
- Thread