What the vulnerability does

01Description

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

Key dates

02Disclosure timeline

August 9, 2022 CVE published
November 3, 2025 Record updated