Gbdngb12

**Name of the Vulnerable Software and Affected Versions** libarchive versions 3.7.7 and earlier **Description** The issue is a heap-based buffer over-read in the `header gnu longlink` function in `archive read support format tar.c` via a TAR archive. This occurs because the software mishandles truncation in the middle of a GNU long linkname. **Recommendations** For versions 3.7.7 and earlier, consider disabling the `header gnu longlink` function in `archive read support format tar.c` to prevent exploitation until a patch is available. Restrict access to TAR archives to minimize the risk of exploitation. Avoid using the `archive read support format tar.c` function with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.