Upstream information
Description
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having not set severity.
No SUSE Bugzilla entries cross referenced. No SUSE Security Announcements cross referenced.List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Liberty Linux 8 |
| Patchnames: RHSA-2024:5814 RHSA-2024:6148 |
SUSE Liberty Linux 9 |
| Patchnames: RHSA-2024:6147 |
SUSE Timeline for this CVE
CVE page created: Fri Mar 22 01:00:12 2024CVE page last modified: Tue Sep 3 19:34:23 2024