Description
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar() reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that value. A crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of that size.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 11 | | =5.32.1-4 || =5.32.1-4+deb11u1 || =5.32.1-4+deb11u2 || =5.32.1-4+deb11u3 || =5.32.1-4+deb11u4 || =5.32.1-4+deb11u5 || =5.32.1-5 || =5.32.1-6 || =5.34.0-1 || =5.34.0-2 || =5.34.0-3 || =5.34.0-4 || =5.34.0-5 || =5.34.0~rc2-1 || =5.36.0-1 || =5.36.0-10 || =5.36.0-2 || =5.36.0-3 || =5.36.0-4 || =5.36.0-5 || =5.36.0-6 || =5.36.0-7 || =5.36.0-8 || =5.36.0-9 || =5.38.0-1 || =5.38.0-2 || =5.38.0~rc2-1 || =5.38.2-1 || =5.38.2-2 || =5.38.2-3 || =5.38.2-3.1 || =5.38.2-3.2 || =5.38.2-3.2+hurd.1 || =5.38.2-4 || =5.38.2-5 || =5.40.0-1 || =5.40.0-2 || =5.40.0-3 || =5.40.0-4 || =5.40.0-5 || =5.40.0-6 || =5.40.0-7 || =5.40.0-8 || =5.40.0~rc1-1 || =5.40.1-1 || =5.40.1-2 || =5.40.1-3 || =5.40.1-4 || =5.40.1-5 || =5.40.1-6 || =5.40.1-7 || =5.42.0-1 || =5.42.0-2 || =5.42.0-3 || =5.42.2-1 |
debian 12 | | =5.36.0-10 || =5.36.0-7 || =5.36.0-7+deb12u1 || =5.36.0-7+deb12u2 || =5.36.0-7+deb12u3 || =5.36.0-8 || =5.36.0-9 || =5.38.0-1 || =5.38.0-2 || =5.38.0~rc2-1 || =5.38.2-1 || =5.38.2-2 || =5.38.2-3 || =5.38.2-3.1 || =5.38.2-3.2 || =5.38.2-3.2+hurd.1 || =5.38.2-4 || =5.38.2-5 || =5.40.0-1 || =5.40.0-2 || =5.40.0-3 || =5.40.0-4 || =5.40.0-5 || =5.40.0-6 || =5.40.0-7 || =5.40.0-8 || =5.40.0~rc1-1 || =5.40.1-1 || =5.40.1-2 || =5.40.1-3 || =5.40.1-4 || =5.40.1-5 || =5.40.1-6 || =5.40.1-7 || =5.42.0-1 || =5.42.0-2 || =5.42.0-3 || =5.42.2-1 |
debian 14 | | =5.40.1-6 || =5.40.1-7 || =5.42.0-1 || =5.42.0-2 || =5.42.0-3 || =5.42.2-1 |
debian 13 | | =5.40.1-6 || =5.40.1-7 || =5.42.0-1 || =5.42.0-2 || =5.42.0-3 || =5.42.2-1 |
