In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir() as root directly without checking the path, letting the attacker provide an arbitrary path.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/37xxx/CVE-2022-37703.json",
"cna_assigner": "mitre"
}