VDB
JLSEC-2026-185
JLSEC-2026-185
PUBLISHED
CVSS 8.699999809265137 HIGH
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Julia | Tar_jll | 0, 0 |
Timeline
- Apr 24, 2026 CVE Published
- Apr 24, 2026 CVE Updated
References
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079 url
- https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4 url
- https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723 url
- https://lists.debian.org/debian-lts-announce/2024/03/msg00008.html url