CVE 2023-39804

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.

Related bugs and status

CVE-2023-39804 (Candidate) is related to these bugs:

Bug #2029464: A stack overflow in GNU Tar

Summary				In	Importance	Status
	2029464	A stack overflow in GNU Tar		tar (Ubuntu)	Undecided	Fix Released

Bug #2052926: [Debian] Medium CVE: CVE-2022-48303/CVE-2023-39804 tar : multiple CVEs

Summary				In	Importance	Status
	2052926	[Debian] Medium CVE: CVE-2022-48303/CVE-2023-39804 tar : multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.