OESA-2023-1103

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1103

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1103.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2023-1103

Upstream

CVE-2022-48303

Published

2023-02-17T11:04:55Z

Modified

2025-08-12T05:16:21.597514Z

Summary

tar security update

Details

GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored.

Security Fix(es):

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.(CVE-2022-48303)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP3 / tar

Package

Name: tar
Purl: pkg:rpm/openEuler/tar&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.32-3.oe1

Ecosystem specific

{
    "aarch64": [
        "tar-debuginfo-1.32-3.oe1.aarch64.rpm",
        "tar-debugsource-1.32-3.oe1.aarch64.rpm",
        "tar-1.32-3.oe1.aarch64.rpm"
    ],
    "src": [
        "tar-1.32-3.oe1.src.rpm"
    ],
    "noarch": [
        "tar-help-1.32-3.oe1.noarch.rpm"
    ],
    "x86_64": [
        "tar-debuginfo-1.32-3.oe1.x86_64.rpm",
        "tar-1.32-3.oe1.x86_64.rpm",
        "tar-debugsource-1.32-3.oe1.x86_64.rpm"
    ]
}