cve/2022/CVE-2022-48303.md

### [CVE-2022-48303](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.

### POC

#### Reference
- https://savannah.gnu.org/bugs/?62387
- https://savannah.gnu.org/bugs/?62387

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Dalifo/wik-dvs-tp02
- https://github.com/PajakAlexandre/wik-dps-tp02
- https://github.com/mauraneh/WIK-DPS-TP02
- https://github.com/seal-community/patches
- https://github.com/testing-felickz/docker-scout-demo