66 matches found
OESA-2023-1106 tar security update
GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.34...
PT-2023-36029 · Hdf5 · Hdf5
Name of the Vulnerable Software and Affected Versions: HDF5 affected versions not specified Description: A heap buffer overflow issue has been identified, which can cause a crash. The crash occurs due to a WRITE 1 heap-buffer-overflow. The functions involved in the crash include H5O mtime new...
OESA-2023-1104 tar security update
GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.34...
OESA-2023-1103 tar security update
GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.34...
OESA-2023-1089 tar security update
GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.34...
SUSE CVE-2020-15701
An unhandled exception in checkignored in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.1...
SUSE CVE-2022-48303
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximately 11 whitespace...
ROS-20230203-01
A vulnerability in the GNU Tar archiver is related to the fromheader function in list.c via the V7 archive, in which mtime contains approximately 11 whitespace characters. Exploitation of the vulnerability could allow an attacker, acting remotely, to transmit special data to the application and...
Out-of-Bounds
Overview Affected versions of this package are vulnerable to Out-of-Bounds in fromheader via a V7 archive in which mtime have approximately 11 whitespace characters. It results in the use of uninitialized memory for a conditional jump. Remediation A fix was pushed into the master branch but not y...
ALPINE-CVE-2022-48303
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximately 11 whitespace...
DEBIAN-CVE-2022-48303
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximately 11 whitespace...
CVE-2022-48303
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximately 11 whitespace...
AZL-37145 CVE-2022-48303 affecting package tar for versions less than 1.34-3
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximately 11 whitespace...
UBUNTU-CVE-2022-48303
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximately 11 whitespace...
CVE-2022-48303
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximately 11 whitespace...
CVE-2020-15701
An unhandled exception in checkignored in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.1...
CVE-2020-15701
An unhandled exception in checkignored in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.1...
Code injection
An unhandled exception in checkignored in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.1...
CVE-2020-15701
The CVE-2020-15701 issue affects the apport component (Apport) where an unhandled exception in check_ignored() can crash the process if mtime in apport-ignore.xml is a string, enabling a local DoS. Exploitation details are not described beyond local access prerequisites. The vulnerability is addr...
UBUNTU-CVE-2020-15701
An unhandled exception in checkignored in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.1...