Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-48303

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. (CVE-2022-48303)

Source

ALAS2-2023-1994

Amazon Linux 2 Security Advisory: ALAS-2023-1994
Advisory Release Date: 2023-03-17 16:34 Pacific
Advisory Updated Date: 2023-03-21 23:24 Pacific

Severity: Important

References: CVE-2022-48303
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. (CVE-2022-48303)

Affected Packages:

tar

Issue Correction:
Run yum update tar to update your system.

New Packages:

aarch64:
    tar-1.26-35.amzn2.0.1.aarch64
    tar-debuginfo-1.26-35.amzn2.0.1.aarch64

i686:
    tar-1.26-35.amzn2.0.1.i686
    tar-debuginfo-1.26-35.amzn2.0.1.i686

src:
    tar-1.26-35.amzn2.0.1.src

x86_64:
    tar-1.26-35.amzn2.0.1.x86_64
    tar-debuginfo-1.26-35.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2022-48303

Mitre: CVE-2022-48303

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS2-2023-1994

ALAS2-2023-1994

Additional References

Vulmon Search

About

Products

Connect