CVE-2022-48303
Summary
| Field | Value |
|---|---|
| CVE | CVE-2022-48303 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-30 04:15:00 UTC |
| Updated | 2023-05-30 17:16:00 UTC |
| Description | GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| GNU tar - Bugs: bug #62387, [SECURITY] Heap Buffer Overflow [Savannah] | MISC | savannah.gnu.org | |
| [SECURITY] Fedora 38 Update: tar-1.34-8.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: tar-1.34-6.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| GNU tar - Patches: patch #10307, Fix savannah bug #62387 [Savannah] | MISC | savannah.gnu.org | |
| [SECURITY] Fedora 37 Update: tar-1.34-6.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: tar-1.34-8.fc38 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160470 Oracle Enterprise Linux Security Update for tar (ELSA-2023-0842)
- 160482 Oracle Enterprise Linux Security Update for tar (ELSA-2023-0959)
- 199199 Ubuntu Security Notification for tar Vulnerability (USN-5900-1)
- 199357 Ubuntu Security Notification for tar Vulnerability (USN-5900-2)
- 241201 Red Hat Update for tar (RHSA-2023:0842)
- 241223 Red Hat Update for tar (RHSA-2023:0959)
- 242153 Red Hat Update for tar (RHSA-2023:5610)
- 283809 Fedora Security Update for tar (FEDORA-2023-123778d70d)
- 284232 Fedora Security Update for tar (FEDORA-2023-f72d3caf36)
- 296099 Oracle Solaris 11.4 Support Repository Update (SRU) 57.144.3 Missing (CPUAPR2023)
- 354827 Amazon Linux Security Advisory for tar : ALAS2-2023-1994
- 354839 Amazon Linux Security Advisory for tar : ALAS-2023-1704
- 355070 Amazon Linux Security Advisory for tar : AL2012-2023-394
- 355131 Amazon Linux Security Advisory for tar : ALAS2023-2023-153
- 378121 Alibaba Cloud Linux Security Update for tar (ALINUX3-SA-2023:0031)
- 502673 Alpine Linux Security Update for tar
- 502792 Alpine Linux Security Update for tar
- 672996 EulerOS Security Update for tar (EulerOS-SA-2023-1856)
- 673011 EulerOS Security Update for tar (EulerOS-SA-2023-1881)
- 673039 EulerOS Security Update for tar (EulerOS-SA-2023-1964)
- 673045 EulerOS Security Update for tar (EulerOS-SA-2023-1986)
- 673068 EulerOS Security Update for tar (EulerOS-SA-2023-2198)
- 673112 EulerOS Security Update for tar (EulerOS-SA-2023-2174)
- 673130 EulerOS Security Update for tar (EulerOS-SA-2023-2279)
- 673131 EulerOS Security Update for tar (EulerOS-SA-2023-2303)
- 710865 Gentoo Linux GNU Tar Out of Bounds Read Vulnerability (GLSA 202402-12)
- 753714 SUSE Enterprise Linux Security Update for tar (SUSE-SU-2023:0441-1)
- 753720 SUSE Enterprise Linux Security Update for tar (SUSE-SU-2023:0463-1)
- 940932 AlmaLinux Security Update for tar (ALSA-2023:0842)
- 940950 AlmaLinux Security Update for tar (ALSA-2023:0959)
- 960652 Rocky Linux Security Update for tar (RLSA-2023:0842)
- 960906 Rocky Linux Security Update for tar (RLSA-2023:0959)