|
|
Subscribe / Log in / New account

libarchive "bsdtar" tar extraction exploit

libarchive "bsdtar" tar extraction exploit

Posted Apr 1, 2024 6:43 UTC (Mon) by ma4ris8 (subscriber, #170509)
Parent article: A backdoor in xz

JFrog shows "bsdtar" proof of concept of the "libarchive" modification
at https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-a...

JFrog states:
"In 2021, JiaT75 submitted a pull request to the libarchive repository with the title ‘Added error text to warning when untaring with bsdtar’ which seemed legitimate at first glance. "

to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds