The vulnerability of the from_header function in the GNU Tar editor, related to out-of-memory reading, allows an attacker to gain access to confidential data.

🗓️ 06 Feb 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 5 Views

The from_header function has a memory vulnerability enabling remote access to confidential data.

Reporter	Title	Published	Views	Family All 167
IBM Security Bulletins	Security Bulletin: A vulnerability in tar package affects Data Replication on Cloud Pak for Data	7 Nov 202321:10	–	ibm
IBM Security Bulletins	Security Bulletin: CVE-2022-48303 may affect IBM CICS TX Advanced 10.1	8 Jun 202318:18	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in GNU Tar may affect IBM Robotic Process Automation for Cloud Pak and result in a buffer overflow (CVE-2022-48303)	1 May 202314:58	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in GNU Tar affects IBM MQ Operator and Queue manager container images (CVE-2022-48303)	30 Mar 202316:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in tar	11 Nov 202516:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js bl modules denial of service vulnerability( CVE-2020-8244) and GNU Tar buffer overflow vulnerability( CVE-2022-48303)	6 Jul 202318:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Appliance is vulnerable to heap-based buffer overflow (CVE-2022-48303)	28 Jun 202312:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in GNU Tar (CVE-2022-48303)	3 May 202314:11	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insights 1.6.10 addresses multiple security vulnerabilities.	27 Sep 202321:11	–	ibm
IBM Security Bulletins	Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities	26 Mar 202504:04	–	ibm

Vulners

Node

gnu gnu_tarRange<1.34

OR

red_hat red_hat_enterprise_linuxMatch7

OR

red_hat red_hat_enterprise_linuxMatch8

OR

red_hat red_hat_enterprise_linuxMatch9

Source	Link
savannah	www.savannah.gnu.org/bugs/
savannah	www.savannah.gnu.org/patch/
repo	www.repo.red-soft.ru/redos/7.3c/x86_64/updates/
security-tracker	www.security-tracker.debian.org/tracker/CVE-2022-48303
access	www.access.redhat.com/security/cve/CVE-2022-48303
goslinux	www.goslinux.fssp.gov.ru/2726972/
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17
wiki	www.wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47
wiki	www.wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.9/

13 Sep 2024 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 36.3

CVSS 27.5

EPSS0.04524

from_header function tar editor remote attacker confidential data memory vulnerability