node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within a few seconds of running it, using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
History

Thu, 07 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat satellite
CPEs cpe:/a:redhat:satellite_maintenance:6.16::el8
cpe:/a:redhat:satellite_maintenance:6.16::el9
cpe:/a:redhat:satellite:6.16::el8
Vendors & Products Redhat satellite Maintenance
Redhat satellite

Wed, 06 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat satellite Maintenance
CPEs cpe:/a:redhat:satellite_maintenance:6.16::el8
cpe:/a:redhat:satellite_maintenance:6.16::el9
Vendors & Products Redhat satellite Maintenance

Thu, 26 Sep 2024 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhmt
CPEs cpe:/a:redhat:rhmt:1.8::el8
Vendors & Products Redhat rhmt

Fri, 06 Sep 2024 14:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9

Mon, 26 Aug 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8
Vendors & Products Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-21T22:10:23.603Z

Updated: 2024-08-02T13:53:49.389Z

Reserved: 2024-03-11T22:45:07.686Z

Link: CVE-2024-28863

Vulnrichment

Updated: 2024-08-02T00:56:58.545Z

NVD

Status: Awaiting Analysis

Published: 2024-03-21T23:15:10.910

Modified: 2024-11-21T09:07:04.023

Link: CVE-2024-28863

Redhat

Severity: Moderate

Public Date: 2024-03-21T00:00:00Z

Links: CVE-2024-28863 - Bugzilla