This issue has been reported by me on the FreeBSD bugtracker. The mentioned example file has been attached to the bug report there, which is reproduced below.
The FreeBSD tar(1) program uses a heuristic to check if an archive file is compressed. If it is, it calls into an appropriate library to receive a decompressed stream. Then it applies the heuristic again to catch the case of an archive that has been compressed multiple times. There is no limit to the number of recursive decompressions.
Using a crafted gzip file (the attached file is a quine that unpacks to itself), one can get tar(1) to invoke an infinite chain of gzip compressors until all the memory on the machine running tar(1) has been exhausted or another resource limit kicks in.
I see this behaviour as a bug and security problem. It can be used to perform denial-of-service attacks against machines that run FreeBSD and use tar(1) to list the contents of untrusted archives.
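The mitigation the report implies is to bound the recursion: peel compression layers the way tar's heuristic does, but refuse once a configurable number of layers (or a size budget per layer) is exceeded, so a self-reproducing gzip stream terminates with an error instead of exhausting memory. The following is an added example, not code from the report or from libarchive; `peel_gzip_layers`, `list_members`, `NestingLimitExceeded` and the default limits are assumptions made for illustration, and the sample archive is constructed inline.

```python
import gzip
import io
import tarfile

GZIP_MAGIC = b"\x1f\x8b"


class NestingLimitExceeded(Exception):
    """Raised when an archive is still compressed after the allowed depth,
    or a single layer expands past the size budget."""


def build_sample(layers=2):
    """Constructed test input: a one-file tar, gzip-compressed `layers` times."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"hello from inside the archive\n"
        info = tarfile.TarInfo(name="hello.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    blob = buf.getvalue()
    for _ in range(layers):
        blob = gzip.compress(blob)
    return blob


def peel_gzip_layers(blob, max_layers=4, max_size=16 * 1024 * 1024):
    """Strip gzip layers as tar's heuristic would, but bounded.

    Returns (payload, layers_removed). A quine (gzip that unpacks to itself)
    keeps matching the magic on every pass, so it hits max_layers and raises
    instead of looping until memory runs out."""
    layers = 0
    while blob[:2] == GZIP_MAGIC:
        if layers >= max_layers:
            raise NestingLimitExceeded(f"more than {max_layers} gzip layers")
        # Read at most max_size + 1 bytes so one oversized layer cannot
        # exhaust memory either; the extra byte detects the overflow.
        with gzip.GzipFile(fileobj=io.BytesIO(blob)) as gz:
            out = gz.read(max_size + 1)
        if len(out) > max_size:
            raise NestingLimitExceeded(f"layer {layers + 1} exceeds {max_size} bytes")
        blob = out
        layers += 1
    return blob, layers


def list_members(blob, max_layers=4):
    """List tar member names after bounded decompression."""
    payload, layers = peel_gzip_layers(blob, max_layers)
    with tarfile.open(fileobj=io.BytesIO(payload), mode="r:") as tar:
        return [m.name for m in tar.getmembers()], layers
```

With `max_layers` set below the actual nesting depth the listing fails closed, which is the behaviour a tool handling untrusted archives should have.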