[Debian] Medium CVE: CVE-2022-48303/CVE-2023-39804 tar: multiple CVEs
Bug #2052926 reported by Yue Tao
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | High | Wentao Zhang | 
Bug Description
CVE-2022-48303: https:/
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
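The defect described above is a classic fixed-width-field parsing error: the scan over the 12-byte mtime field is allowed to step one byte past the field when the field holds only whitespace, and the comparison then runs on an uninitialized byte. The following is an added example, not GNU tar's from_header() code, showing how a header numeric field can be parsed so that every byte access is bounds-checked against the field length. It relies on one fact about the V7/ustar header layout (mtime is the 12 bytes at offset 136); the function names, the -1 error convention, and the two constructed header blocks are assumptions of this example. It generalizes beyond mtime to any octal header field.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* V7/ustar header layout facts: a 512-byte block whose mtime field is the
 * 12 bytes at offset 136.  Everything else in this file is a constructed
 * example and is not GNU tar's own code. */
#define TAR_BLOCK      512
#define TAR_MTIME_OFF  136
#define TAR_MTIME_LEN  12

/* Parse a fixed-width octal header field.  Returns the value, or -1 if the
 * field is blank, malformed, or would overflow.  Every byte read is guarded
 * by `i < len`, so a field consisting only of blanks (the shape that
 * triggers CVE-2022-48303) can never move the scan past the field end. */
long long parse_tar_octal(const char *field, size_t len)
{
    size_t i = 0;
    unsigned long long value = 0;
    int saw_digit = 0;

    /* Leading blanks are permitted, but only inside the field. */
    while (i < len && field[i] == ' ')
        i++;

    /* Accumulate octal digits, refusing to overflow. */
    while (i < len && field[i] >= '0' && field[i] <= '7') {
        if (value > (ULLONG_MAX >> 3))
            return -1;
        value = (value << 3) | (unsigned long long)(field[i] - '0');
        saw_digit = 1;
        i++;
    }

    /* A number must be followed by NUL or space, or by the field end. */
    if (i < len && field[i] != '\0' && field[i] != ' ')
        return -1;

    /* Reject an all-blank field explicitly instead of reading on for data. */
    if (!saw_digit)
        return -1;

    if (value > (unsigned long long)LLONG_MAX)
        return -1;
    return (long long)value;
}

/* Read mtime from a header block, refusing to touch a buffer that is too
 * short to contain the whole field. */
long long v7_header_mtime(const unsigned char *hdr, size_t hdr_len)
{
    if (hdr_len < TAR_MTIME_OFF + TAR_MTIME_LEN)
        return -1;
    return parse_tar_octal((const char *)hdr + TAR_MTIME_OFF, TAR_MTIME_LEN);
}

/* Constructed header whose mtime field is 11 spaces followed by a NUL. */
long long demo_blank_mtime(void)
{
    unsigned char hdr[TAR_BLOCK];
    memset(hdr, 0, sizeof hdr);
    memset(hdr + TAR_MTIME_OFF, ' ', TAR_MTIME_LEN - 1); /* byte 12 stays NUL */
    return v7_header_mtime(hdr, sizeof hdr);
}

/* Constructed header with a well-formed mtime field (octal 12 == 10). */
long long demo_valid_mtime(void)
{
    unsigned char hdr[TAR_BLOCK];
    memset(hdr, 0, sizeof hdr);
    memcpy(hdr + TAR_MTIME_OFF, "00000000012", 11);
    return v7_header_mtime(hdr, sizeof hdr);
}

int main(void)
{
    printf("blank mtime field -> %lld (rejected)\n", demo_blank_mtime());
    printf("valid mtime field -> %lld\n", demo_valid_mtime());
    return 0;
}
```

The design point is that the field length, not a terminator found by scanning, bounds every loop; a whitespace-only field is then a parse failure the caller handles, rather than a read of whatever byte happens to follow the field.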
CVE-2023-39804: https:/
None
Base Score: Medium
Reference:
['tar_1.
CVE References
Changed in starlingx:
assignee: nobody → Wentao Zhang (wzhang4)
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/910298