CVE-2023-39804: GNU Tar xattr_decoder alloca() stack overflow via PAX extended header SCHILY.xattr value

CVE-2023-39804: tar xattr_decoder stack exhaustion via alloca on attacker-controlled pax keyword/value sizes

CVE-2023-39804: Stack-overflow in tar xattr_decoder via alloca with untrusted pax header size