{"id":"CVE-2023-39804","details":"In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.","modified":"2026-03-14T12:08:36.591294Z","published":"2024-03-27T04:15:08.897Z","related":["SUSE-SU-2024:0070-1","SUSE-SU-2024:0070-2","SUSE-SU-2024:0071-1","openSUSE-SU-2024:13751-1"],"references":[{"type":"WEB","url":"https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00008.html"},{"type":"FIX","url":"https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4"},{"type":"ARTICLE","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.35"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39804.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}