diff options
| author | Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com> | 2023-02-17 15:01:23 -0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-02-24 16:41:51 +0000 |
| commit | 7b705177438abe228d37218d6dc66d4b47f26aaf (patch) | |
| tree | 7fab85d142cbd5d1e27ca3e0a61cb863a799fde2 /scripts/lib/scriptpath.py | |
| parent | c0644f13a79bf976f5a6e8653ca51c9bb82a2454 (diff) | |
| download | poky-7b705177438abe228d37218d6dc66d4b47f26aaf.tar.gz | |
tar: CVE-2022-48303
Fixes CVE-2022-48303 by checking Base-256 encoding is at least
2 bytes long. GNU Tar through 1.34 has a one-byte out-of-bounds
read that results in use of uninitialized memory for a conditional
jump. Exploitation to change the flow of control has not been
demonstrated. The issue occurs in from_header in list.c via a
V7 archive in which mtime has approximately 11 whitespace characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-48303
Upstream patch:
https://savannah.gnu.org/bugs/?62387
https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
(From OE-Core rev: 5223319b43811228d83c2bdac3e542b9a8852dfd)
Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/lib/scriptpath.py')
0 files changed, 0 insertions, 0 deletions