Gnu · Gnu Tar · CVE-2018-20482
**Name of the Vulnerable Software and Affected Versions**
GNU Tar 1.30 and earlier, when invoked with `--sparse` (fixed in GNU Tar 1.31)
**Description**
The issue is in the `sparse_dump_region` function in `sparse.c`, which mishandles file shrinkage during read access when tar is run with the `--sparse` flag. Tar records the size of each data region of a sparse file before copying it, then reads the region block by block until the recorded byte count has been consumed. If the file is truncated between those two steps, `read()` reaches end-of-file early and returns zero bytes; the affected versions do not treat that as termination, so the remaining byte count never decreases and the loop spins forever. A local user can exploit this to cause a denial of service (an infinite read loop, so the archive never completes) by modifying a file that is about to be archived by a different user's process, such as a system backup running as root. Exploitation requires write access to a file the archiving process reads; the flaw is not remotely reachable on its own.
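The loop pattern behind the bug, as an added illustration that is not GNU Tar's source code: a simplified model of the region-dump loop in its pre-fix and hardened forms, run against a constructed scratch file whose recorded size is larger than what is actually on disk (simulating another user truncating the file between tar's `stat()` and its `read()` calls). The function names, the iteration cap that turns the infinite loop into a `DUMP_STUCK` verdict, and the `/tmp` fixture are assumptions made for this demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define BLOCKSIZE 512          /* tar's block size */
#define DEMO_ITER_CAP 100000   /* demo-only cap so the buggy loop returns instead of hanging */

enum dump_status { DUMP_OK, DUMP_SHRANK, DUMP_ERROR, DUMP_STUCK };

/* Pre-fix pattern (simplified model, not tar's code): the loop exits only when
 * bytes_left reaches zero. If the file shrank after its size was recorded,
 * read() hits EOF early and returns 0; nothing is subtracted from bytes_left,
 * so the loop never terminates. DEMO_ITER_CAP makes it return DUMP_STUCK instead. */
enum dump_status dump_region_vulnerable(int fd, off_t offset, off_t numbytes, off_t *dumped)
{
  char buf[BLOCKSIZE];
  off_t bytes_left = numbytes;
  unsigned long iter = 0;

  *dumped = 0;
  if (lseek(fd, offset, SEEK_SET) < 0)
    return DUMP_ERROR;
  while (bytes_left > 0) {
    if (++iter > DEMO_ITER_CAP)
      return DUMP_STUCK;                       /* infinite loop without the cap */
    size_t want = bytes_left > BLOCKSIZE ? BLOCKSIZE : (size_t) bytes_left;
    ssize_t n = read(fd, buf, want);
    if (n < 0) {
      if (errno == EINTR) continue;
      return DUMP_ERROR;
    }
    /* n == 0 (EOF) falls through: no progress, bytes_left unchanged */
    bytes_left -= n;
    *dumped += n;
  }
  return DUMP_OK;
}

/* Hardened pattern: a zero-length read before the region is exhausted means the
 * file is now shorter than the size recorded at stat() time. Report it and stop
 * rather than retry; a real archiver would also zero-fill the remainder so the
 * archive member keeps its recorded size. */
enum dump_status dump_region_fixed(int fd, off_t offset, off_t numbytes, off_t *dumped)
{
  char buf[BLOCKSIZE];
  off_t bytes_left = numbytes;

  *dumped = 0;
  if (lseek(fd, offset, SEEK_SET) < 0)
    return DUMP_ERROR;
  while (bytes_left > 0) {
    size_t want = bytes_left > BLOCKSIZE ? BLOCKSIZE : (size_t) bytes_left;
    ssize_t n = read(fd, buf, want);
    if (n < 0) {
      if (errno == EINTR) continue;
      return DUMP_ERROR;
    }
    if (n == 0)
      return DUMP_SHRANK;                      /* EOF before the recorded end: file shrank */
    bytes_left -= n;
    *dumped += n;
  }
  return DUMP_OK;
}

/* Constructed fixture: a scratch file holding `nbytes` of 'A', returned as a fd
 * positioned at offset 0. The name is unlinked at once so nothing is left behind. */
int make_scratch_file(off_t nbytes)
{
  char path[] = "/tmp/cve-2018-20482-demo-XXXXXX";   /* assumed writable location */
  char chunk[BLOCKSIZE];
  int fd = mkstemp(path);
  if (fd < 0) return -1;
  unlink(path);
  memset(chunk, 'A', sizeof chunk);
  for (off_t left = nbytes; left > 0; ) {
    size_t w = left > BLOCKSIZE ? BLOCKSIZE : (size_t) left;
    if (write(fd, chunk, w) != (ssize_t) w) { close(fd); return -1; }
    left -= w;
  }
  if (lseek(fd, 0, SEEK_SET) < 0) { close(fd); return -1; }
  return fd;
}

/* Model the race: the backup recorded `recorded` bytes at stat() time, but the
 * file (owned by another user) now holds only `on_disk` bytes. Returns the
 * loop's verdict; *dumped (if non-NULL) receives the bytes actually copied. */
enum dump_status simulate_shrink(bool use_fix, off_t on_disk, off_t recorded, off_t *dumped)
{
  off_t copied = 0;
  int fd = make_scratch_file(on_disk);
  if (fd < 0) return DUMP_ERROR;
  enum dump_status st = use_fix ? dump_region_fixed(fd, 0, recorded, &copied)
                                : dump_region_vulnerable(fd, 0, recorded, &copied);
  close(fd);
  if (dumped) *dumped = copied;
  return st;
}

/* Bytes the hardened loop managed to copy before it noticed the shrinkage. */
off_t copied_before_shrink(off_t on_disk, off_t recorded)
{
  off_t n = 0;
  if (simulate_shrink(true, on_disk, recorded, &n) == DUMP_ERROR) return -1;
  return n;
}

int main(void)
{
  off_t n = 0;
  printf("vulnerable loop: %s\n",
         simulate_shrink(false, 1000, 1536, NULL) == DUMP_STUCK ? "stuck in an endless read loop" : "finished");
  printf("fixed loop: %s after %lld bytes\n",
         simulate_shrink(true, 1000, 1536, &n) == DUMP_SHRANK ? "detected that the file shrank" : "finished",
         (long long) n);
  return 0;
}
```

With 1000 bytes on disk and 1536 recorded, the first two reads return 512 and 488 bytes, the third returns 0, and from that point the pre-fix loop makes no progress; the hardened loop returns `DUMP_SHRANK` after exactly 1000 bytes. When the on-disk size matches or exceeds the recorded size, both loops finish normally, which is why the bug only surfaces when a file is truncated while it is being archived.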
**Recommendations**
Upgrade to GNU Tar 1.31 or later, which makes `sparse_dump_region` treat a zero-length read as the end of the file and report the shrinkage instead of looping. Where upgrading is not yet possible, run the backup without `--sparse` as a temporary workaround, and avoid archiving files that untrusted local users can write to while the backup runs (for example by backing up from a filesystem snapshot rather than the live tree). Because a triggered instance of this bug shows up as a tar process that never finishes and keeps issuing reads, a backup job timeout or a check for long-running tar processes will at least make an exploitation attempt visible.