← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1912091] Re: Memory Leak GNU Tar 1.33

 

** Changed in: tar (Ubuntu Bionic)
       Status: New => Fix Released

** Changed in: tar (Ubuntu Focal)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1912091

Title:
  Memory Leak GNU Tar 1.33

Status in tar package in Ubuntu:
  Fix Released
Status in tar source package in Trusty:
  Fix Released
Status in tar source package in Xenial:
  Fix Released
Status in tar source package in Bionic:
  Fix Released
Status in tar source package in Focal:
  Fix Released

Bug description:
  
  An issue was discovered in GNU Tar 1.33 and earlier. There is a memory leak in read_header() in list.c in the tar application. Occastionally, ASAN detects an out of bounds memory read. Valgrind confirms the memory leak in the standard tar tool installed by default. This degrades the availability of the tar tool, and could potentially result in other memory-related issues.

  Common Weakness Enumeration IDs for reference:
  CWE-401: Missing Release of Memory after Effective Lifetime
  CWE-125: Out-of-bounds Read

  Attached to this report is a PoC malcrafted file "1311745-out-
  bounds.tar"

  VALGRIND OUTPUT:
  valgrind tar -xf 1311745-out-bounds.tar 
  ==3776== Memcheck, a memory error detector
  ==3776== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
  ==3776== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
  ==3776== Command: tar -xf output/1311745-out-bounds.tar
  ==3776== 
  tar: Unexpected EOF in archive
  tar: Exiting with failure status due to previous errors
  ==3776== 
  ==3776== HEAP SUMMARY:
  ==3776==     in use at exit: 1,311,761 bytes in 2 blocks
  ==3776==   total heap usage: 52 allocs, 50 frees, 1,349,212 bytes allocated
  ==3776== 
  ==3776== LEAK SUMMARY:
  ==3776==    definitely lost: 1,311,745 bytes in 1 blocks
  ...

  NOTE: Version 1.30, 1.32, 1.33 were tested and confirmed to be
  vulnerable.

  lsb_release -rd
  Description:	Ubuntu 20.04.1 LTS
  Release:	20.04

  apt-cache policy tar
  tar:
    Installed: 1.30+dfsg-7ubuntu0.20.04.1
    Candidate: 1.30+dfsg-7ubuntu0.20.04.1

  ---
  Carlos

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1912091/+subscriptions