GNU Sharutils shar Command Line Parsing Buffer Overflow Vulnerability
The 'shar' utility is reported prone to a buffer-overflow vulnerability in its command-line parsing. This issue occurs because the utility fails to properly validate the size of user-supplied strings before copying them to a finite buffer. Note that 'shar' is not in itself a setuid or setgid application. However, an application that is setuid or setgid may invoke this utility with user-supplied arguments. Successful exploitation would immediately produce a denial-of-service condition in the affected process. Attackers may also leverage this issue to execute code on the affected system with the privileges of the user that invoked the vulnerable application.
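The class of flaw described above, with its checked counterpart, as an added example that is not taken from the shar source code. The buffer size, `struct opts` and all function names are assumptions made for illustration; the second function shows the length check a privileged caller can apply before handing user-supplied arguments to a helper program.

```c
#include <stddef.h>
#include <string.h>

#define OPT_BUF_SIZE 64   /* assumed size for illustration, not shar's */

/* Hypothetical destination for one option value taken from argv. */
struct opts { char value[OPT_BUF_SIZE]; };

/* Length of s if it terminates within max bytes, otherwise max.
   memchr stops at the first NUL, so it never reads past the string. */
static size_t bounded_len(const char *s, size_t max)
{
    const char *nul = memchr(s, '\0', max);
    return nul ? (size_t)(nul - s) : max;
}

/* Unchecked form of the flaw class: strcpy(o->value, arg);
   Checked form: reject oversize input instead of copying or truncating.
   Returns 0 on success, -1 on NULL input, -2 if arg does not fit. */
int set_option(struct opts *o, const char *arg)
{
    size_t len;
    if (o == NULL || arg == NULL)
        return -1;
    len = bounded_len(arg, sizeof o->value);
    if (len >= sizeof o->value)        /* no room for the terminator */
        return -2;
    memcpy(o->value, arg, len + 1);    /* copy includes the '\0' */
    return 0;
}

/* For a privileged caller that passes user input to a helper program:
   return the index of the first argument of limit bytes or more, or -1
   if every argument is shorter than limit. */
int first_oversize_arg(int argc, char *const argv[], size_t limit)
{
    int i;
    for (i = 0; i < argc; i++)
        if (argv[i] == NULL || bounded_len(argv[i], limit) >= limit)
            return i;
    return -1;
}
```

Rejecting the oversize argument, rather than truncating it, keeps the caller from silently operating on a different name than the one supplied.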