diff options
| author | Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com> | 2023-02-17 15:01:23 -0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-02-24 16:41:46 +0000 |
| commit | 2a00f15354084cee6b2183fcdbfdfc7826c365da (patch) | |
| tree | 6534acc34231d95f0fe0a8946473f7344c829d0d /scripts/lib/devtool/runqemu.py | |
| parent | 6505459809380ddcf152a09343e4dc55038de332 (diff) | |
| download | poky-2a00f15354084cee6b2183fcdbfdfc7826c365da.tar.gz | |
tar: CVE-2022-48303
Fixes CVE-2022-48303 by checking Base-256 encoding is at least
2 bytes long. GNU Tar through 1.34 has a one-byte out-of-bounds
read that results in use of uninitialized memory for a conditional
jump. Exploitation to change the flow of control has not been
demonstrated. The issue occurs in from_header in list.c via a
V7 archive in which mtime has approximately 11 whitespace characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-48303
Upstream patch:
https://savannah.gnu.org/bugs/?62387
https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
(From OE-Core rev: 231360a55bf1b96d6bb1cf94820b08788677c58b)
Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/lib/devtool/runqemu.py')
0 files changed, 0 insertions, 0 deletions