CVE-2023-30577

2023-07-2617:15:10

Google

osv.dev

amanda

vulnerability

runtar.c

tag-community-3.5.4

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.6%

JSON

AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.

CPENameOperatorVersion
amandaeqsubtag-community-3.5.1
amandaeqtag-3.5.x
amandaeqtag-community-3.5
amandaeqtag-3.4.x
amandaeqtag-2.6.1
amandaeqtag-3.3.x
amandaeqtag-core-3.6.rel
amandaeqtag-3.5.1.internal
amandaeqsubtag-community-3.5
amandaeqtag-2.6.0.beta2

Name	Operator	Version
amanda	eq	subtag-community-3.5.1
amanda	eq	tag-3.5.x
amanda	eq	tag-community-3.5
amanda	eq	tag-3.4.x
amanda	eq	tag-2.6.1
amanda	eq	tag-3.3.x
amanda	eq	tag-core-3.6.rel
amanda	eq	tag-3.5.1.internal
amanda	eq	subtag-community-3.5
amanda	eq	tag-2.6.0.beta2