Out-of-Bounds Read Vulnerability in GNU Tar by GNU
CVE-2022-48303

5.5MEDIUM

Key Information:

Vendor

Gnu
Status
Tar
Vendor
CVE Published:
30 January 2023

What is CVE-2022-48303?

GNU Tar versions up to 1.34 contain an out-of-bounds read vulnerability that can lead to the use of uninitialized memory. This flaw manifests in the 'from_header' function within the list.c file when processing a V7 archive that includes an mtime with approximately 11 whitespace characters. While exploiting this issue to manipulate control flow has not been demonstrated, it raises concerns about the security of applications relying on GNU Tar for archiving and data manipulation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://savannah.gnu.org/bugs/?62387
https://savannah.gnu.org/patch/?10307
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.