Explore top 10 tips to secure your open-source projects now. Read More
×
An attacker who submits a crafted tar file with size in header struct
being 0 may be able to trigger an calling of malloc(0) for a variable
gnu_longlink, causing an out-of-bounds read. (CVE-2021-33643)
An attacker who submits a crafted tar file with size in header struct
being 0 may be able to trigger an calling of malloc(0) for a variable
gnu_longname, causing an out-of-bounds read. (CVE-2021-33644)
The th_read() function doesn't free a variable t->th_buf.gnu_longlink
after allocating memory, which may cause a memory leak. (CVE-2021-33645)
The th_read() function doesn't free a variable t->th_buf.gnu_longname
after allocating memory, which may cause a memory leak. (CVE-2021-33646)
- https://bugs.mageia.org/show_bug.cgi?id=30821
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/
- https://www.cve.org/CVERecord?id=CVE-2021-33643
- https://www.cve.org/CVERecord?id=CVE-2021-33644
- https://www.cve.org/CVERecord?id=CVE-2021-33645
- https://www.cve.org/CVERecord?id=CVE-2021-33646
- 8/core/libtar-1.2.20-9.1.mga8
Get the latest Linux and open source security news straight to your inbox.