Описание
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.29b-2ubuntu0.4 |
| devel | released | 1.34+dfsg-1.2ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 1.27.1-1ubuntu0.1+esm3 |
| esm-infra/bionic | not-affected | 1.29b-2ubuntu0.4 |
| esm-infra/focal | not-affected | 1.30+dfsg-7ubuntu0.20.04.3 |
| esm-infra/xenial | released | 1.28-2.1ubuntu0.2+esm2 |
| focal | released | 1.30+dfsg-7ubuntu0.20.04.3 |
| jammy | released | 1.34+dfsg-1ubuntu0.1.22.04.1 |
| kinetic | released | 1.34+dfsg-1ubuntu0.1.22.10.1 |
| lunar | released | 1.34+dfsg-1.2ubuntu0.1 |
Показывать по
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in ...
EPSS
5.5 Medium
CVSS3