SUSE: CVE-2022-48303: SUSE Linux Security Advisory

SUSE: CVE-2022-48303: SUSE Linux Security Advisory

Severity

5

CVSS

(AV:L/AC:M/Au:N/C:N/I:N/A:C)

Published

01/30/2023

Created

02/22/2023

Added

02/21/2023

Modified

01/28/2025

Description

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.

Solution(s)

• suse-upgrade-tar
• suse-upgrade-tar-backup-scripts
• suse-upgrade-tar-doc
• suse-upgrade-tar-lang
• suse-upgrade-tar-rmt
• suse-upgrade-tar-tests

References

• https://attackerkb.com/topics/cve-2022-48303
• CVE - 2022-48303