rpm package
almalinux/libtar
pkg:rpm/almalinux/libtar
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-33646 | — | < 1.2.20-17.el8 | 1.2.20-17.el8 | Aug 9, 2022 | The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. | ||
| CVE-2021-33645 | — | < 1.2.20-17.el8 | 1.2.20-17.el8 | Aug 9, 2022 | The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. | ||
| CVE-2021-33644 | — | < 1.2.20-17.el8 | 1.2.20-17.el8 | Aug 9, 2022 | An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. | ||
| CVE-2021-33643 | — | < 1.2.20-17.el8 | 1.2.20-17.el8 | Aug 9, 2022 | An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. |
- CVE-2021-33646Aug 9, 2022affected < 1.2.20-17.el8fixed 1.2.20-17.el8
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
- CVE-2021-33645Aug 9, 2022affected < 1.2.20-17.el8fixed 1.2.20-17.el8
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
- CVE-2021-33644Aug 9, 2022affected < 1.2.20-17.el8fixed 1.2.20-17.el8
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
- CVE-2021-33643Aug 9, 2022affected < 1.2.20-17.el8fixed 1.2.20-17.el8
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.