{"id":"AZL-52625","summary":"CVE-2023-39804 affecting package tar for versions less than 1.34-3","details":"In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.","modified":"2026-04-01T05:17:53.460455Z","published":"2024-03-27T04:15:08Z","upstream":["CVE-2023-39804"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39804"}],"affected":[{"package":{"name":"tar","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/tar"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.34-3"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-52625.json"}}],"schema_version":"1.7.5"}