all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-38346 (vxworks)

Add to bookmarks
Sept. 22, 2023, 7:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could …

absolute archive cve developer expect file files function issue may processes relative river tar vxworks wind wind river

Visit resource

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 5 months, 3 weeks ago | web.nvd.nist.gov
attackers cve denial of service issue +1
CVE-2023-40101 (android) 5 months, 4 weeks ago | web.nvd.nist.gov
android check collapse cve +7
CVE-2023-21377 (android) 5 months, 4 weeks ago | web.nvd.nist.gov
android bypass cve disclosure +8
CVE-2023-21380 (android) 5 months, 4 weeks ago | web.nvd.nist.gov
android bluetooth buffer buffer overflow +9
CVE-2023-21382 (android) 5 months, 4 weeks ago | web.nvd.nist.gov
access android check cve +11
CVE-2023-21381 (android) 5 months, 4 weeks ago | web.nvd.nist.gov
android arbitrary code code code execution +10
CVE-2023-21385 (android) 5 months, 4 weeks ago | web.nvd.nist.gov
android corruption cve disclosure +7
CVE-2023-21387 (android) 5 months, 4 weeks ago | web.nvd.nist.gov
android backup bypass cve +11
CVE-2023-21389 (android) 5 months, 4 weeks ago | web.nvd.nist.gov
android bypass check cve +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Network Security Engineer

@ Meta | Menlo Park, CA | Remote, US
View on infosec-jobs.com

Security Engineer, Investigations - i3

@ Meta | Washington, DC
View on infosec-jobs.com

Threat Investigator- Security Analyst

@ Meta | Menlo Park, CA | Seattle, WA | Washington, DC
View on infosec-jobs.com

Security Operations Engineer II

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Engineering -- Tech Risk -- Global Cyber Defense & Intelligence -- Bug Bounty -- Associate -- Dallas

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com
View more jobs