Report

GNU tar constructs combined paths in helper routines using fixed-size arithmetic plus strcpy into heap buffers sized from strlen(dir)+constant. This pattern is risky in recursive directory traversal and archive processing because attacker-controlled path lengths can drive writes past the intended allocation if any length arithmetic or separator handling is off.
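As an added illustration of the pattern described above (this is example code written for this page, not GNU tar's own helper routines, and the function names `join_path_size`, `join_path` and `shortfall_for_constant_sizing` are hypothetical), the following C program sizes a joined path from the exact lengths of both components plus the separator and terminator, checks the size_t arithmetic for wrap-around, and reports how far short a `strlen(dir) + constant` allocation would fall for a long member name:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Hypothetical helper (not tar's code): exact size a joined "dir/name"
 * needs, including the separator and the terminating NUL, with the size_t
 * arithmetic checked for wrap-around. Returns 0 when the sum would overflow. */
size_t join_path_size(const char *dir, const char *name)
{
    size_t dlen = strlen(dir);
    size_t nlen = strlen(name);
    /* a separator is added only when dir is non-empty and lacks a trailing '/' */
    size_t sep = (dlen > 0 && dir[dlen - 1] != '/') ? 1 : 0;
    if (dlen > SIZE_MAX - nlen) return 0;
    size_t total = dlen + nlen;
    if (total > SIZE_MAX - sep - 1) return 0;
    return total + sep + 1;
}

/* Hypothetical helper: join dir and name into a heap buffer sized from the
 * exact length above rather than from strlen(dir) plus a fixed constant.
 * Caller frees the result. Returns NULL on overflow or allocation failure. */
char *join_path(const char *dir, const char *name)
{
    size_t need = join_path_size(dir, name);
    if (need == 0) return NULL;
    char *out = malloc(need);
    if (!out) return NULL;
    size_t dlen = strlen(dir);
    size_t nlen = strlen(name);
    size_t pos = 0;
    memcpy(out, dir, dlen);          /* bounded copies instead of strcpy */
    pos += dlen;
    if (dlen > 0 && dir[dlen - 1] != '/') out[pos++] = '/';
    memcpy(out + pos, name, nlen);
    pos += nlen;
    out[pos] = '\0';                 /* pos + 1 == need, so every write is in bounds */
    return out;
}

/* Hypothetical helper: how many bytes a "strlen(dir) + constant" allocation
 * would be short by for this dir/name pair (0 when it happens to fit).
 * This is the gap the report describes as exploitable by long path components. */
size_t shortfall_for_constant_sizing(const char *dir, const char *name,
                                     size_t constant)
{
    size_t need = join_path_size(dir, name);
    size_t guess = strlen(dir) + constant;
    return need > guess ? need - guess : 0;
}

int main(void)
{
    /* constructed sample inputs, not taken from any real archive */
    char *p = join_path("/tmp/extract", "member.txt");
    if (p) {
        printf("%s\n", p);
        free(p);
    }
    char longname[300];
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    printf("shortfall with +256 sizing: %zu bytes\n",
           shortfall_for_constant_sizing("/tmp/extract", longname, 256));
    return 0;
}
```

The defensive point is that the allocation size and the copy length are derived from the same computed value, so a mismatch between the separator logic and the arithmetic cannot push a write past the buffer; a review of any path-joining helper should confirm that property rather than trust a fixed slack constant.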

dd076c71-3043-40d2-8dc8-df424e6a0c84