Author bc
Recipients bc, ethan.furman, jvoisin, lars.gustaebel, serhiy.storchaka
Date 2020-07-08.19:37:56
I've attached a minimal tar file which reproduces this. I think the minimum length is 516 bytes.

We need a 512 byte PAX format header block as normal.

Then we need a pax header which matches the regex in

    regex = re.compile(br"(\d+) ([^=]+)=")
    length, keyword = regex.match(buf, pos).groups()

We use the `length` variable to iterate:

    while True:
        pos += length

So we can start the block with "0 X=". This makes length=0. So it will increment pos by 0 each loop and loop the same code forever.

Nice find.

Do you think this denial of service is worth requesting a CVE for? If so, can someone else do it?

Date                 User  Action  Args
2020-07-08 19:37:57  bc    set     recipients: + bc, lars.gustaebel, ethan.furman, serhiy.storchaka, jvoisin
2020-07-08 19:37:57  bc    set     messageid: <>
2020-07-08 19:37:57  bc    link    issue39017 messages
2020-07-08 19:37:56  bc    create
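
The stall described in the message above, next to a length check that stops it, as an added example that is not part of the original message and is not CPython's tarfile code. `parse_pax_records`, `InvalidPaxRecord`, `strict` and `max_steps` are hypothetical names, and the sample buffers are constructed.

```python
import re

# Same record pattern as quoted in the message: b"<length> <keyword>=".
RECORD = re.compile(br"(\d+) ([^=]+)=")

# Constructed samples: two well-formed records, and the zero-length record
# from the message.
GOOD = b"22 path=some/file.txt\n" + b"12 uid=1000\n"
STALL = b"0 X="


class InvalidPaxRecord(ValueError):
    """A record's declared length cannot advance the parser."""


def parse_pax_records(buf, strict=True, max_steps=1000):
    """Parse pax records of the form LEN KEY=VALUE<newline> from buf.

    strict=True rejects a length that does not cover the record's own
    header or that runs past the buffer. strict=False follows the loop in
    the message; max_steps (an assumption of this example) ends it so the
    stall is observable. Returns (records, hit_step_cap).
    """
    records, pos, steps = {}, 0, 0
    while True:
        match = RECORD.match(buf, pos)
        if not match:
            return records, False
        length = int(match.group(1))
        keyword = match.group(2).decode("utf-8", "replace")
        header_len = match.end() - match.start()
        if strict and (length <= header_len or pos + length > len(buf)):
            raise InvalidPaxRecord(f"bad record length {length} at offset {pos}")
        # The value sits between "=" and the record's trailing newline.
        records[keyword] = buf[match.end():pos + length - 1].decode("utf-8", "replace")
        steps += 1
        if steps >= max_steps:
            return records, True  # step budget used up without reaching the end
        pos += length  # with length == 0 this never moves forward
```

With `strict=False` the zero-length record is matched at the same offset on every pass until the step cap ends the loop; with `strict=True` it is rejected on the first pass.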