CVE-2013-4397

Name of the Vulnerable Software and Affected Versions libtar versions prior to 1.2.20

Description The issue is related to multiple integer overflows in the th read function in lib/block.c in libtar, which can lead to a denial of service (crash) and possibly allow remote attackers to execute arbitrary code via a long name or link in an archive, triggering a heap-based buffer overflow. Exploitation of this issue can be done remotely and may result in the disruption of confidentiality, integrity, and availability of protected information.

Recommendations For versions prior to 1.2.20, update to version 1.2.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the th read function in lib/block.c until a patch is available. Avoid using long names or links in archives to minimize the risk of exploitation.