GNU Tar through 1.34 has a one-byte... CVE-2022-48303

- AV AC AU C I A
发布: 2023-01-30
修订: 2024-11-21

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.

0%
暂无可用Exp或PoC
当前有3条受影响产品信息