CVE-2022-48303

Updated: 2023-11-04 20:36:12.818799

Description:

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| Metric | Severity | Score |
| --- | --- | --- |
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 5.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
| --- | --- | --- | --- | --- | --- | --- | --- |
| AlmaLinux 9.2 ESU | tar | 1.34 | 5.5 | MEDIUM | Ignored | | 2023-11-08 04:07:46 |
| CentOS 6 ELS | tar | 1.23-15 | 5.5 | MEDIUM | Released | CLSA-2023:1677791921 | 2023-03-13 21:03:50 |
| CentOS 7 ELS | tar | 1.26 | 5.5 | MEDIUM | Ignored | | 2023-09-19 09:30:10 |
| CentOS 8.4 ELS | tar | 1.30-5 | 5.5 | MEDIUM | Released | CLSA-2023:1677783720 | 2023-03-02 16:04:16 |
| CentOS 8.5 ELS | tar | 1.30-5 | 5.5 | MEDIUM | Released | CLSA-2023:1677783889 | 2023-03-02 16:04:16 |
| CloudLinux 6 ELS | tar | 1.23-15 | 5.5 | MEDIUM | Released | CLSA-2023:1677792622 | 2023-03-13 21:03:49 |
| Oracle Linux 6 ELS | tar | 1.23-15 | 5.5 | MEDIUM | Released | CLSA-2023:1677783967 | 2023-03-02 16:04:15 |
| Ubuntu 16.04 ELS | tar | 1.28-2.1 | 5.5 | MEDIUM | Released | CLSA-2023:1677784249 | 2023-03-02 16:04:16 |
| Ubuntu 18.04 ELS | tar | 1.29b-2 | 5.5 | MEDIUM | Already Fixed | | 2023-11-06 08:42:20 |