Updated: 2023-11-04 20:36:12.818799
Description:
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | MEDIUM | 5.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | tar | 1.34 | 5.5 | MEDIUM | Ignored | | 2023-11-08 04:07:46 |
CentOS 6 ELS | tar | 1.23-15 | 5.5 | MEDIUM | Released | CLSA-2023:1677791921 | 2023-03-13 21:03:50 |
CentOS 7 ELS | tar | 1.26 | 5.5 | MEDIUM | Ignored | | 2023-09-19 09:30:10 |
CentOS 8.4 ELS | tar | 1.30-5 | 5.5 | MEDIUM | Released | CLSA-2023:1677783720 | 2023-03-02 16:04:16 |
CentOS 8.5 ELS | tar | 1.30-5 | 5.5 | MEDIUM | Released | CLSA-2023:1677783889 | 2023-03-02 16:04:16 |
CloudLinux 6 ELS | tar | 1.23-15 | 5.5 | MEDIUM | Released | CLSA-2023:1677792622 | 2023-03-13 21:03:49 |
Oracle Linux 6 ELS | tar | 1.23-15 | 5.5 | MEDIUM | Released | CLSA-2023:1677783967 | 2023-03-02 16:04:15 |
Ubuntu 16.04 ELS | tar | 1.28-2.1 | 5.5 | MEDIUM | Released | CLSA-2023:1677784249 | 2023-03-02 16:04:16 |
Ubuntu 18.04 ELS | tar | 1.29b-2 | 5.5 | MEDIUM | Already Fixed | | 2023-11-06 08:42:20 |