libarchive and bsdtar Buffer Overflow Vulnerability Leading to Denial-of-Service

A buffer overflow vulnerability has been identified in libarchive versions through 3.7.7, specifically within the bsdtar utility. The issue arises in the tar/util.c file, where the 'list_item_verbose' function fails to properly validate the return value of 'strftime'. This oversight can be exploited by a crafted TAR archive, particularly when read with a verbose flag of 2, potentially causing a denial-of-service or unspecified additional impacts. For instance, a 100-byte buffer may be inadequate for certain custom locales.

Impact

Exploitation of this vulnerability can lead to a buffer overflow, allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using bsdtar to extract a crafted TAR archive with the '-vv' option, which enables verbose output. The crafted archive should be designed to exploit the 'list_item_verbose' function by including elements that trigger the improper 'strftime' return value handling, such as locale-specific data that exceeds the 100-byte buffer limit.