mirror of
https://github.com/vbatts/tar-split.git
synced 2025-02-08 19:13:33 +00:00
Fixes: #76

A specially crafted tar archive can cause `io.ReadAll()` to overrun the memory. The fix is taken from upstream golang, as this tar-split repo carries an old fork from upstream.

Thanks to @tojoos and @bainsy88 for reporting.

References:
- https://nvd.nist.gov/vuln/detail/cve-2022-2879
- https://github.com/golang/go/commit/0bf7ee9
- https://go-review.googlesource.com/c/go/+/439355/2/src/archive/tar/reader.go#106

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>

- ..
- tar