VYPR

rpm package

almalinux/libtar

pkg:rpm/almalinux/libtar

Vulnerabilities (4)

  • CVE-2021-33646Aug 9, 2022
    affected < 1.2.20-17.el8fixed 1.2.20-17.el8

    The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.

  • CVE-2021-33645Aug 9, 2022
    affected < 1.2.20-17.el8fixed 1.2.20-17.el8

    The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.

  • CVE-2021-33644Aug 9, 2022
    affected < 1.2.20-17.el8fixed 1.2.20-17.el8

    An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

  • CVE-2021-33643Aug 9, 2022
    affected < 1.2.20-17.el8fixed 1.2.20-17.el8

    An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.