ALT-PU-2023-7541-1
Package libtar updated to version 1.2.20-alt3.git.6d0ab4c for branch sisyphus_e2k.
Closed vulnerabilities
Published: 2022-08-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-33643
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
Severity: CRITICAL (9.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
- FEDORA-2022-88772d0a2d
- FEDORA-2022-88772d0a2d
- FEDORA-2022-fe1a4e3cf0
- FEDORA-2022-fe1a4e3cf0
- FEDORA-2022-44a20bba43
- FEDORA-2022-44a20bba43
- FEDORA-2022-ccc68b06cc
- FEDORA-2022-ccc68b06cc
- FEDORA-2022-50e8a1b51d
- FEDORA-2022-50e8a1b51d
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807
Published: 2022-08-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-33644
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
Severity: HIGH (8.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
References:
- FEDORA-2022-88772d0a2d
- FEDORA-2022-88772d0a2d
- FEDORA-2022-fe1a4e3cf0
- FEDORA-2022-fe1a4e3cf0
- FEDORA-2022-44a20bba43
- FEDORA-2022-44a20bba43
- FEDORA-2022-ccc68b06cc
- FEDORA-2022-ccc68b06cc
- FEDORA-2022-50e8a1b51d
- FEDORA-2022-50e8a1b51d
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807
Published: 2022-08-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-33645
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- FEDORA-2022-88772d0a2d
- FEDORA-2022-88772d0a2d
- FEDORA-2022-fe1a4e3cf0
- FEDORA-2022-fe1a4e3cf0
- FEDORA-2022-44a20bba43
- FEDORA-2022-44a20bba43
- FEDORA-2022-ccc68b06cc
- FEDORA-2022-ccc68b06cc
- FEDORA-2022-50e8a1b51d
- FEDORA-2022-50e8a1b51d
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807
Published: 2022-08-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-33646
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- FEDORA-2022-88772d0a2d
- FEDORA-2022-88772d0a2d
- FEDORA-2022-fe1a4e3cf0
- FEDORA-2022-fe1a4e3cf0
- FEDORA-2022-44a20bba43
- FEDORA-2022-44a20bba43
- FEDORA-2022-ccc68b06cc
- FEDORA-2022-ccc68b06cc
- FEDORA-2022-50e8a1b51d
- FEDORA-2022-50e8a1b51d
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807