Vulnerabilites related to feep - libtar
cve-2013-4397
Vulnerability from cvelistv5
Published
2013-10-17 23:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.feep.net:8080/pipermail/libtar/2013-October/000361.html | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2013-1418.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/55253 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id/1029166 | vdb-entry, x_refsource_SECTRACK | |
| https://source.android.com/security/bulletin/2018-01-01 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2013/10/10/6 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/55188 | third-party-advisory, x_refsource_SECUNIA | |
| http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040106 | vdb-entry, x_refsource_SECTRACK | |
| http://www.debian.org/security/2013/dsa-2817 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/62922 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2013/10/10/4 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[libtar] 20131009 ANNOUNCE: libtar version 1.2.20",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.feep.net:8080/pipermail/libtar/2013-October/000361.html"
},
{
"name": "RHSA-2013:1418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1418.html"
},
{
"name": "55253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55253"
},
{
"name": "1029166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "[oss-security] 20131010 Re: Integer overflow in libtar (\u003c= 1.2.19)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/6"
},
{
"name": "55188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04"
},
{
"name": "1040106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040106"
},
{
"name": "DSA-2817",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2817"
},
{
"name": "62922",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62922"
},
{
"name": "[oss-security] 20131010 Integer overflow in libtar (\u003c= 1.2.19)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T22:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[libtar] 20131009 ANNOUNCE: libtar version 1.2.20",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.feep.net:8080/pipermail/libtar/2013-October/000361.html"
},
{
"name": "RHSA-2013:1418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1418.html"
},
{
"name": "55253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55253"
},
{
"name": "1029166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "[oss-security] 20131010 Re: Integer overflow in libtar (\u003c= 1.2.19)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/6"
},
{
"name": "55188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04"
},
{
"name": "1040106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040106"
},
{
"name": "DSA-2817",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2817"
},
{
"name": "62922",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62922"
},
{
"name": "[oss-security] 20131010 Integer overflow in libtar (\u003c= 1.2.19)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4397",
"datePublished": "2013-10-17T23:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33646
Vulnerability from cvelistv5
Published
2022-08-09 00:00
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:21.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
},
{
"name": "FEDORA-2022-fe1a4e3cf0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"name": "FEDORA-2022-50e8a1b51d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"name": "FEDORA-2022-44a20bba43",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"name": "FEDORA-2022-88772d0a2d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"name": "FEDORA-2022-ccc68b06cc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libtar",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003c1.2.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The th_read() function doesn\u2019t free a variable t-\u003eth_buf.gnu_longname after allocating memory, which may cause a memory leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401: Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-28T00:00:00",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
},
{
"name": "FEDORA-2022-fe1a4e3cf0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"name": "FEDORA-2022-50e8a1b51d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"name": "FEDORA-2022-44a20bba43",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"name": "FEDORA-2022-88772d0a2d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"name": "FEDORA-2022-ccc68b06cc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33646",
"datePublished": "2022-08-09T00:00:00",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:21.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33644
Vulnerability from cvelistv5
Published
2022-08-09 00:00
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:21.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
},
{
"name": "FEDORA-2022-fe1a4e3cf0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"name": "FEDORA-2022-50e8a1b51d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"name": "FEDORA-2022-44a20bba43",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"name": "FEDORA-2022-88772d0a2d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"name": "FEDORA-2022-ccc68b06cc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libtar",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003c1.2.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-28T00:00:00",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
},
{
"name": "FEDORA-2022-fe1a4e3cf0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"name": "FEDORA-2022-50e8a1b51d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"name": "FEDORA-2022-44a20bba43",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"name": "FEDORA-2022-88772d0a2d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"name": "FEDORA-2022-ccc68b06cc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33644",
"datePublished": "2022-08-09T00:00:00",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:21.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4420
Vulnerability from cvelistv5
Published
2014-02-20 16:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731860 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2014/dsa-2863 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.feep.net:8080/pipermail/libtar/2014-February/000403.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731860"
},
{
"name": "DSA-2863",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2863"
},
{
"name": "[libtar] 20150213 Fw: Re: Validation of file names",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.feep.net:8080/pipermail/libtar/2014-February/000403.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-20T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731860"
},
{
"name": "DSA-2863",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2863"
},
{
"name": "[libtar] 20150213 Fw: Re: Validation of file names",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.feep.net:8080/pipermail/libtar/2014-February/000403.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4420",
"datePublished": "2014-02-20T16:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33645
Vulnerability from cvelistv5
Published
2022-08-09 00:00
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:21.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
},
{
"name": "FEDORA-2022-fe1a4e3cf0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"name": "FEDORA-2022-50e8a1b51d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"name": "FEDORA-2022-44a20bba43",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"name": "FEDORA-2022-88772d0a2d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"name": "FEDORA-2022-ccc68b06cc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libtar",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003c1.2.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The th_read() function doesn\u2019t free a variable t-\u003eth_buf.gnu_longlink after allocating memory, which may cause a memory leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401: Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-28T00:00:00",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
},
{
"name": "FEDORA-2022-fe1a4e3cf0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"name": "FEDORA-2022-50e8a1b51d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"name": "FEDORA-2022-44a20bba43",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"name": "FEDORA-2022-88772d0a2d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"name": "FEDORA-2022-ccc68b06cc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33645",
"datePublished": "2022-08-09T00:00:00",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:21.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33643
Vulnerability from cvelistv5
Published
2022-08-09 00:00
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:21.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
},
{
"name": "FEDORA-2022-fe1a4e3cf0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"name": "FEDORA-2022-50e8a1b51d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"name": "FEDORA-2022-44a20bba43",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"name": "FEDORA-2022-88772d0a2d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"name": "FEDORA-2022-ccc68b06cc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libtar",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003c1.2.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-28T00:00:00",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
},
{
"name": "FEDORA-2022-fe1a4e3cf0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"name": "FEDORA-2022-50e8a1b51d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"name": "FEDORA-2022-44a20bba43",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"name": "FEDORA-2022-88772d0a2d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"name": "FEDORA-2022-ccc68b06cc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33643",
"datePublished": "2022-08-09T00:00:00",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:21.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202208-0814
Vulnerability from variot
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. feep.net of libtar Products from multiple other vendors are vulnerable to lack of freeing memory after expiration.Service operation interruption (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libtar security update Advisory ID: RHSA-2023:2898-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2898 Issue date: 2023-05-16 CVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646 ==================================================================== 1. Summary:
An update for libtar is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions.
Security Fix(es):
-
libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)
-
libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)
-
libtar: memory leak found in th_read() function (CVE-2021-33645)
-
libtar: memory leak found in th_read() function (CVE-2021-33646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: libtar-1.2.20-17.el8.src.rpm
aarch64: libtar-1.2.20-17.el8.aarch64.rpm libtar-debuginfo-1.2.20-17.el8.aarch64.rpm libtar-debugsource-1.2.20-17.el8.aarch64.rpm
ppc64le: libtar-1.2.20-17.el8.ppc64le.rpm libtar-debuginfo-1.2.20-17.el8.ppc64le.rpm libtar-debugsource-1.2.20-17.el8.ppc64le.rpm
s390x: libtar-1.2.20-17.el8.s390x.rpm libtar-debuginfo-1.2.20-17.el8.s390x.rpm libtar-debugsource-1.2.20-17.el8.s390x.rpm
x86_64: libtar-1.2.20-17.el8.i686.rpm libtar-1.2.20-17.el8.x86_64.rpm libtar-debuginfo-1.2.20-17.el8.i686.rpm libtar-debuginfo-1.2.20-17.el8.x86_64.rpm libtar-debugsource-1.2.20-17.el8.i686.rpm libtar-debugsource-1.2.20-17.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-33643 https://access.redhat.com/security/cve/CVE-2021-33644 https://access.redhat.com/security/cve/CVE-2021-33645 https://access.redhat.com/security/cve/CVE-2021-33646 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro Te4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P Ul4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp 7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4 EpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk 0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz Mx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/ V9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww ZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw z36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n bAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p kHiakPvkvj4=I+bk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0814",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "22.03"
},
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "20.03"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "libtar",
"scope": "lt",
"trust": 1.0,
"vendor": "feep",
"version": "1.2.21"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "openeuler",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "libtar",
"scope": null,
"trust": 0.8,
"vendor": "feep net",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 0.1
},
"cve": "CVE-2021-33646",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33646",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-33646",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33646",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-33646",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2782",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2782"
},
{
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The th_read() function doesn\u2019t free a variable t-\u003eth_buf.gnu_longname after allocating memory, which may cause a memory leak. feep.net of libtar Products from multiple other vendors are vulnerable to lack of freeing memory after expiration.Service operation interruption (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: libtar security update\nAdvisory ID: RHSA-2023:2898-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2898\nIssue date: 2023-05-16\nCVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645\n CVE-2021-33646\n====================================================================\n1. Summary:\n\nAn update for libtar is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libtar packages contain a C library for manipulating tar archives. The\nlibrary supports both the strict POSIX tar format and many of the commonly\nused GNU extensions. \n\nSecurity Fix(es):\n\n* libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)\n\n* libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33645)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33646)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.8 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nlibtar-1.2.20-17.el8.src.rpm\n\naarch64:\nlibtar-1.2.20-17.el8.aarch64.rpm\nlibtar-debuginfo-1.2.20-17.el8.aarch64.rpm\nlibtar-debugsource-1.2.20-17.el8.aarch64.rpm\n\nppc64le:\nlibtar-1.2.20-17.el8.ppc64le.rpm\nlibtar-debuginfo-1.2.20-17.el8.ppc64le.rpm\nlibtar-debugsource-1.2.20-17.el8.ppc64le.rpm\n\ns390x:\nlibtar-1.2.20-17.el8.s390x.rpm\nlibtar-debuginfo-1.2.20-17.el8.s390x.rpm\nlibtar-debugsource-1.2.20-17.el8.s390x.rpm\n\nx86_64:\nlibtar-1.2.20-17.el8.i686.rpm\nlibtar-1.2.20-17.el8.x86_64.rpm\nlibtar-debuginfo-1.2.20-17.el8.i686.rpm\nlibtar-debuginfo-1.2.20-17.el8.x86_64.rpm\nlibtar-debugsource-1.2.20-17.el8.i686.rpm\nlibtar-debugsource-1.2.20-17.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33643\nhttps://access.redhat.com/security/cve/CVE-2021-33644\nhttps://access.redhat.com/security/cve/CVE-2021-33645\nhttps://access.redhat.com/security/cve/CVE-2021-33646\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro\nTe4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P\nUl4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp\n7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4\nEpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk\n0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz\nMx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/\nV9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww\nZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw\nz36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n\nbAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p\nkHiakPvkvj4=I+bk\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33646"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"db": "VULHUB",
"id": "VHN-393724"
},
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33646",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020151",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2782",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-393724",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172362",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393724"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2782"
},
{
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"id": "VAR-202208-0814",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-393724"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:02:28.911000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openEuler Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=204271"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2782"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-401",
"trust": 1.1
},
{
"problemtype": "Lack of memory release after expiration (CWE-401) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393724"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openeuler-sa-2022-1807"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33646"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libtar-four-vulnerabilities-39176"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33646/"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33644"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33643"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393724"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2782"
},
{
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-393724"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2782"
},
{
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-393724"
},
{
"date": "2023-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"date": "2023-05-16T17:07:39",
"db": "PACKETSTORM",
"id": "172362"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2782"
},
{
"date": "2022-08-10T20:15:20.637000",
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-11T00:00:00",
"db": "VULHUB",
"id": "VHN-393724"
},
{
"date": "2023-09-19T08:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"date": "2022-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2782"
},
{
"date": "2023-11-07T03:35:53.873000",
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2782"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "feep.net\u00a0 of \u00a0libtar\u00a0 Vulnerability related to lack of free memory after expiration in products from other vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2782"
}
],
"trust": 0.6
}
}
var-202208-0859
Vulnerability from variot
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. feep.net of libtar Products from multiple other vendors are vulnerable to lack of freeing memory after expiration.Service operation interruption (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libtar security update Advisory ID: RHSA-2023:2898-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2898 Issue date: 2023-05-16 CVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646 ==================================================================== 1. Summary:
An update for libtar is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions.
Security Fix(es):
-
libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)
-
libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)
-
libtar: memory leak found in th_read() function (CVE-2021-33645)
-
libtar: memory leak found in th_read() function (CVE-2021-33646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: libtar-1.2.20-17.el8.src.rpm
aarch64: libtar-1.2.20-17.el8.aarch64.rpm libtar-debuginfo-1.2.20-17.el8.aarch64.rpm libtar-debugsource-1.2.20-17.el8.aarch64.rpm
ppc64le: libtar-1.2.20-17.el8.ppc64le.rpm libtar-debuginfo-1.2.20-17.el8.ppc64le.rpm libtar-debugsource-1.2.20-17.el8.ppc64le.rpm
s390x: libtar-1.2.20-17.el8.s390x.rpm libtar-debuginfo-1.2.20-17.el8.s390x.rpm libtar-debugsource-1.2.20-17.el8.s390x.rpm
x86_64: libtar-1.2.20-17.el8.i686.rpm libtar-1.2.20-17.el8.x86_64.rpm libtar-debuginfo-1.2.20-17.el8.i686.rpm libtar-debuginfo-1.2.20-17.el8.x86_64.rpm libtar-debugsource-1.2.20-17.el8.i686.rpm libtar-debugsource-1.2.20-17.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-33643 https://access.redhat.com/security/cve/CVE-2021-33644 https://access.redhat.com/security/cve/CVE-2021-33645 https://access.redhat.com/security/cve/CVE-2021-33646 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro Te4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P Ul4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp 7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4 EpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk 0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz Mx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/ V9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww ZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw z36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n bAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p kHiakPvkvj4=I+bk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0859",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "22.03"
},
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "20.03"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "libtar",
"scope": "lt",
"trust": 1.0,
"vendor": "feep",
"version": "1.2.21"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "openeuler",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "libtar",
"scope": null,
"trust": 0.8,
"vendor": "feep net",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 0.1
},
"cve": "CVE-2021-33645",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33645",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-33645",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33645",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-33645",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2781",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2781"
},
{
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The th_read() function doesn\u2019t free a variable t-\u003eth_buf.gnu_longlink after allocating memory, which may cause a memory leak. feep.net of libtar Products from multiple other vendors are vulnerable to lack of freeing memory after expiration.Service operation interruption (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: libtar security update\nAdvisory ID: RHSA-2023:2898-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2898\nIssue date: 2023-05-16\nCVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645\n CVE-2021-33646\n====================================================================\n1. Summary:\n\nAn update for libtar is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libtar packages contain a C library for manipulating tar archives. The\nlibrary supports both the strict POSIX tar format and many of the commonly\nused GNU extensions. \n\nSecurity Fix(es):\n\n* libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)\n\n* libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33645)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33646)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.8 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nlibtar-1.2.20-17.el8.src.rpm\n\naarch64:\nlibtar-1.2.20-17.el8.aarch64.rpm\nlibtar-debuginfo-1.2.20-17.el8.aarch64.rpm\nlibtar-debugsource-1.2.20-17.el8.aarch64.rpm\n\nppc64le:\nlibtar-1.2.20-17.el8.ppc64le.rpm\nlibtar-debuginfo-1.2.20-17.el8.ppc64le.rpm\nlibtar-debugsource-1.2.20-17.el8.ppc64le.rpm\n\ns390x:\nlibtar-1.2.20-17.el8.s390x.rpm\nlibtar-debuginfo-1.2.20-17.el8.s390x.rpm\nlibtar-debugsource-1.2.20-17.el8.s390x.rpm\n\nx86_64:\nlibtar-1.2.20-17.el8.i686.rpm\nlibtar-1.2.20-17.el8.x86_64.rpm\nlibtar-debuginfo-1.2.20-17.el8.i686.rpm\nlibtar-debuginfo-1.2.20-17.el8.x86_64.rpm\nlibtar-debugsource-1.2.20-17.el8.i686.rpm\nlibtar-debugsource-1.2.20-17.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33643\nhttps://access.redhat.com/security/cve/CVE-2021-33644\nhttps://access.redhat.com/security/cve/CVE-2021-33645\nhttps://access.redhat.com/security/cve/CVE-2021-33646\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro\nTe4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P\nUl4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp\n7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4\nEpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk\n0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz\nMx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/\nV9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww\nZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw\nz36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n\nbAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p\nkHiakPvkvj4=I+bk\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33645"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"db": "VULHUB",
"id": "VHN-393723"
},
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33645",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020152",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2781",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-393723",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172362",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393723"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2781"
},
{
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"id": "VAR-202208-0859",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-393723"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:02:28.882000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openEuler Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=204270"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2781"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-401",
"trust": 1.1
},
{
"problemtype": "Lack of memory release after expiration (CWE-401) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393723"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openeuler-sa-2022-1807"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33645"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libtar-four-vulnerabilities-39176"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33645/"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33644"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393723"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2781"
},
{
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-393723"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2781"
},
{
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-393723"
},
{
"date": "2023-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"date": "2023-05-16T17:07:39",
"db": "PACKETSTORM",
"id": "172362"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2781"
},
{
"date": "2022-08-10T20:15:20.573000",
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-11T00:00:00",
"db": "VULHUB",
"id": "VHN-393723"
},
{
"date": "2023-09-19T08:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"date": "2022-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2781"
},
{
"date": "2023-11-07T03:35:53.790000",
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2781"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "feep.net\u00a0 of \u00a0libtar\u00a0 Vulnerability related to lack of free memory after expiration in products from other vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2781"
}
],
"trust": 0.6
}
}
var-202208-0889
Vulnerability from variot
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. feep.net of libtar Products from other vendors have out-of-bounds read vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3, and 22.03-LTS versions of the Open Atom Open Source Foundation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libtar security update Advisory ID: RHSA-2023:2898-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2898 Issue date: 2023-05-16 CVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646 ==================================================================== 1. Summary:
An update for libtar is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions.
Security Fix(es):
-
libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)
-
libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)
-
libtar: memory leak found in th_read() function (CVE-2021-33645)
-
libtar: memory leak found in th_read() function (CVE-2021-33646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2121289 - CVE-2021-33643 libtar: out-of-bounds read in gnu_longlink 2121292 - CVE-2021-33644 libtar: out-of-bounds read in gnu_longname 2121295 - CVE-2021-33645 libtar: memory leak found in th_read() function 2121297 - CVE-2021-33646 libtar: memory leak found in th_read() function
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: libtar-1.2.20-17.el8.src.rpm
aarch64: libtar-1.2.20-17.el8.aarch64.rpm libtar-debuginfo-1.2.20-17.el8.aarch64.rpm libtar-debugsource-1.2.20-17.el8.aarch64.rpm
ppc64le: libtar-1.2.20-17.el8.ppc64le.rpm libtar-debuginfo-1.2.20-17.el8.ppc64le.rpm libtar-debugsource-1.2.20-17.el8.ppc64le.rpm
s390x: libtar-1.2.20-17.el8.s390x.rpm libtar-debuginfo-1.2.20-17.el8.s390x.rpm libtar-debugsource-1.2.20-17.el8.s390x.rpm
x86_64: libtar-1.2.20-17.el8.i686.rpm libtar-1.2.20-17.el8.x86_64.rpm libtar-debuginfo-1.2.20-17.el8.i686.rpm libtar-debuginfo-1.2.20-17.el8.x86_64.rpm libtar-debugsource-1.2.20-17.el8.i686.rpm libtar-debugsource-1.2.20-17.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-33643 https://access.redhat.com/security/cve/CVE-2021-33644 https://access.redhat.com/security/cve/CVE-2021-33645 https://access.redhat.com/security/cve/CVE-2021-33646 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro Te4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P Ul4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp 7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4 EpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk 0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz Mx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/ V9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww ZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw z36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n bAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p kHiakPvkvj4=I+bk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0889",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "22.03"
},
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "20.03"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "libtar",
"scope": "lt",
"trust": 1.0,
"vendor": "feep",
"version": "1.2.21"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "openeuler",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "libtar",
"scope": null,
"trust": 0.8,
"vendor": "feep net",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 0.1
},
"cve": "CVE-2021-33643",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33643",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33643",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33643",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-33643",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2780",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2780"
},
{
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. feep.net of libtar Products from other vendors have out-of-bounds read vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3, and 22.03-LTS versions of the Open Atom Open Source Foundation. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: libtar security update\nAdvisory ID: RHSA-2023:2898-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2898\nIssue date: 2023-05-16\nCVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645\n CVE-2021-33646\n====================================================================\n1. Summary:\n\nAn update for libtar is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libtar packages contain a C library for manipulating tar archives. The\nlibrary supports both the strict POSIX tar format and many of the commonly\nused GNU extensions. \n\nSecurity Fix(es):\n\n* libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)\n\n* libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33645)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33646)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.8 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2121289 - CVE-2021-33643 libtar: out-of-bounds read in gnu_longlink\n2121292 - CVE-2021-33644 libtar: out-of-bounds read in gnu_longname\n2121295 - CVE-2021-33645 libtar: memory leak found in th_read() function\n2121297 - CVE-2021-33646 libtar: memory leak found in th_read() function\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nlibtar-1.2.20-17.el8.src.rpm\n\naarch64:\nlibtar-1.2.20-17.el8.aarch64.rpm\nlibtar-debuginfo-1.2.20-17.el8.aarch64.rpm\nlibtar-debugsource-1.2.20-17.el8.aarch64.rpm\n\nppc64le:\nlibtar-1.2.20-17.el8.ppc64le.rpm\nlibtar-debuginfo-1.2.20-17.el8.ppc64le.rpm\nlibtar-debugsource-1.2.20-17.el8.ppc64le.rpm\n\ns390x:\nlibtar-1.2.20-17.el8.s390x.rpm\nlibtar-debuginfo-1.2.20-17.el8.s390x.rpm\nlibtar-debugsource-1.2.20-17.el8.s390x.rpm\n\nx86_64:\nlibtar-1.2.20-17.el8.i686.rpm\nlibtar-1.2.20-17.el8.x86_64.rpm\nlibtar-debuginfo-1.2.20-17.el8.i686.rpm\nlibtar-debuginfo-1.2.20-17.el8.x86_64.rpm\nlibtar-debugsource-1.2.20-17.el8.i686.rpm\nlibtar-debugsource-1.2.20-17.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33643\nhttps://access.redhat.com/security/cve/CVE-2021-33644\nhttps://access.redhat.com/security/cve/CVE-2021-33645\nhttps://access.redhat.com/security/cve/CVE-2021-33646\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro\nTe4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P\nUl4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp\n7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4\nEpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk\n0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz\nMx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/\nV9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww\nZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw\nz36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n\nbAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p\nkHiakPvkvj4=I+bk\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33643"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"db": "VULHUB",
"id": "VHN-393721"
},
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33643",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020154",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2780",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-393721",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172362",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393721"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2780"
},
{
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"id": "VAR-202208-0889",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-393721"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:02:28.968000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openEuler Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=204269"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2780"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393721"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openeuler-sa-2022-1807"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33643"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libtar-four-vulnerabilities-39176"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33643/"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33644"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393721"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2780"
},
{
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-393721"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2780"
},
{
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-393721"
},
{
"date": "2023-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"date": "2023-05-16T17:07:39",
"db": "PACKETSTORM",
"id": "172362"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2780"
},
{
"date": "2022-08-10T20:15:20.450000",
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-393721"
},
{
"date": "2023-09-19T08:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"date": "2022-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2780"
},
{
"date": "2023-11-07T03:35:53.637000",
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2780"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "feep.net\u00a0 of \u00a0libtar\u00a0 Out-of-Bounds Read Vulnerability in Other Vendors\u0027 Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2780"
}
],
"trust": 0.6
}
}
var-202208-0945
Vulnerability from variot
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. feep.net of libtar Products from other vendors have out-of-bounds read vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions of the Open Atom Open Source Foundation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libtar security update Advisory ID: RHSA-2023:2898-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2898 Issue date: 2023-05-16 CVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646 ==================================================================== 1. Summary:
An update for libtar is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions.
Security Fix(es):
-
libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)
-
libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)
-
libtar: memory leak found in th_read() function (CVE-2021-33645)
-
libtar: memory leak found in th_read() function (CVE-2021-33646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2121289 - CVE-2021-33643 libtar: out-of-bounds read in gnu_longlink 2121292 - CVE-2021-33644 libtar: out-of-bounds read in gnu_longname 2121295 - CVE-2021-33645 libtar: memory leak found in th_read() function 2121297 - CVE-2021-33646 libtar: memory leak found in th_read() function
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: libtar-1.2.20-17.el8.src.rpm
aarch64: libtar-1.2.20-17.el8.aarch64.rpm libtar-debuginfo-1.2.20-17.el8.aarch64.rpm libtar-debugsource-1.2.20-17.el8.aarch64.rpm
ppc64le: libtar-1.2.20-17.el8.ppc64le.rpm libtar-debuginfo-1.2.20-17.el8.ppc64le.rpm libtar-debugsource-1.2.20-17.el8.ppc64le.rpm
s390x: libtar-1.2.20-17.el8.s390x.rpm libtar-debuginfo-1.2.20-17.el8.s390x.rpm libtar-debugsource-1.2.20-17.el8.s390x.rpm
x86_64: libtar-1.2.20-17.el8.i686.rpm libtar-1.2.20-17.el8.x86_64.rpm libtar-debuginfo-1.2.20-17.el8.i686.rpm libtar-debuginfo-1.2.20-17.el8.x86_64.rpm libtar-debugsource-1.2.20-17.el8.i686.rpm libtar-debugsource-1.2.20-17.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-33643 https://access.redhat.com/security/cve/CVE-2021-33644 https://access.redhat.com/security/cve/CVE-2021-33645 https://access.redhat.com/security/cve/CVE-2021-33646 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro Te4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P Ul4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp 7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4 EpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk 0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz Mx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/ V9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww ZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw z36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n bAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p kHiakPvkvj4=I+bk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0945",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "22.03"
},
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "20.03"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "libtar",
"scope": "lt",
"trust": 1.0,
"vendor": "feep",
"version": "1.2.21"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "openeuler",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "libtar",
"scope": null,
"trust": 0.8,
"vendor": "feep net",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 0.1
},
"cve": "CVE-2021-33644",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-33644",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33644",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33644",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-33644",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2779",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2779"
},
{
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. feep.net of libtar Products from other vendors have out-of-bounds read vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions of the Open Atom Open Source Foundation. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: libtar security update\nAdvisory ID: RHSA-2023:2898-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2898\nIssue date: 2023-05-16\nCVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645\n CVE-2021-33646\n====================================================================\n1. Summary:\n\nAn update for libtar is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libtar packages contain a C library for manipulating tar archives. The\nlibrary supports both the strict POSIX tar format and many of the commonly\nused GNU extensions. \n\nSecurity Fix(es):\n\n* libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)\n\n* libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33645)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33646)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.8 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2121289 - CVE-2021-33643 libtar: out-of-bounds read in gnu_longlink\n2121292 - CVE-2021-33644 libtar: out-of-bounds read in gnu_longname\n2121295 - CVE-2021-33645 libtar: memory leak found in th_read() function\n2121297 - CVE-2021-33646 libtar: memory leak found in th_read() function\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nlibtar-1.2.20-17.el8.src.rpm\n\naarch64:\nlibtar-1.2.20-17.el8.aarch64.rpm\nlibtar-debuginfo-1.2.20-17.el8.aarch64.rpm\nlibtar-debugsource-1.2.20-17.el8.aarch64.rpm\n\nppc64le:\nlibtar-1.2.20-17.el8.ppc64le.rpm\nlibtar-debuginfo-1.2.20-17.el8.ppc64le.rpm\nlibtar-debugsource-1.2.20-17.el8.ppc64le.rpm\n\ns390x:\nlibtar-1.2.20-17.el8.s390x.rpm\nlibtar-debuginfo-1.2.20-17.el8.s390x.rpm\nlibtar-debugsource-1.2.20-17.el8.s390x.rpm\n\nx86_64:\nlibtar-1.2.20-17.el8.i686.rpm\nlibtar-1.2.20-17.el8.x86_64.rpm\nlibtar-debuginfo-1.2.20-17.el8.i686.rpm\nlibtar-debuginfo-1.2.20-17.el8.x86_64.rpm\nlibtar-debugsource-1.2.20-17.el8.i686.rpm\nlibtar-debugsource-1.2.20-17.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33643\nhttps://access.redhat.com/security/cve/CVE-2021-33644\nhttps://access.redhat.com/security/cve/CVE-2021-33645\nhttps://access.redhat.com/security/cve/CVE-2021-33646\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro\nTe4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P\nUl4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp\n7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4\nEpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk\n0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz\nMx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/\nV9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww\nZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw\nz36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n\nbAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p\nkHiakPvkvj4=I+bk\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33644"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"db": "VULHUB",
"id": "VHN-393722"
},
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33644",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020153",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2779",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-393722",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172362",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393722"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2779"
},
{
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"id": "VAR-202208-0945",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-393722"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:02:28.939000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openEuler Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=204268"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2779"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393722"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openeuler-sa-2022-1807"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33644"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libtar-four-vulnerabilities-39176"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33644/"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33644"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33643"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393722"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2779"
},
{
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-393722"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2779"
},
{
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-393722"
},
{
"date": "2023-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"date": "2023-05-16T17:07:39",
"db": "PACKETSTORM",
"id": "172362"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2779"
},
{
"date": "2022-08-10T20:15:20.517000",
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-11T00:00:00",
"db": "VULHUB",
"id": "VHN-393722"
},
{
"date": "2023-09-19T08:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"date": "2022-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2779"
},
{
"date": "2023-11-07T03:35:53.727000",
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2779"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "feep.net\u00a0 of \u00a0libtar\u00a0 Out-of-Bounds Read Vulnerability in Other Vendors\u0027 Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2779"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 06:09
Severity ?
Summary
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| feep | libtar | * | |
| huawei | openeuler | 20.03 | |
| huawei | openeuler | 20.03 | |
| huawei | openeuler | 22.03 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FB33CE5-5B11-49D2-9277-67E941584A35",
"versionEndExcluding": "1.2.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:openeuler:20.03:sp1:*:*:lts:*:*:*",
"matchCriteriaId": "78AA9487-C85C-4F4F-9429-E0496080F7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:openeuler:20.03:sp3:*:*:lts:*:*:*",
"matchCriteriaId": "2E9E5CF1-3FD7-413A-BD29-0EBA0E1E6766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:openeuler:22.03:*:*:*:lts:*:*:*",
"matchCriteriaId": "435FECB5-9313-4400-A95F-8F7C9D5A0A07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The th_read() function doesn\u2019t free a variable t-\u003eth_buf.gnu_longlink after allocating memory, which may cause a memory leak."
},
{
"lang": "es",
"value": "La funci\u00f3n th_read() no libera una variable t-)th_buf.gnu_longlink despu\u00e9s de asignar memoria, lo que puede causar una p\u00e9rdida de memoria"
}
],
"id": "CVE-2021-33645",
"lastModified": "2024-11-21T06:09:16.087",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:20.573",
"references": [
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"source": "securities@openeuler.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
}
],
"sourceIdentifier": "securities@openeuler.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "securities@openeuler.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-17 23:55
Modified
2024-11-21 01:55
Severity ?
Summary
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1231D25C-DCF5-40CD-9217-EEFFF056D0FC",
"versionEndIncluding": "1.2.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "17D20697-E839-434B-A12A-6C09A8F2D79A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0B7CEF-1B95-4FC5-94A6-834488341AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "15FDD28C-D035-4E76-BE44-E8191A487064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "10A64757-FC13-441A-9667-6222E1881B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2161B141-7C5C-4FF6-B7E7-BF06580821BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "CFEFFA4F-EF13-4CF4-AA05-CDC6DA28A383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "2E41D1E6-B7B3-4A0A-8F5A-A62BD3D6DBA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de entero en la funci\u00f3n the_read de lib/block.c en libtar anterior a 1.2.20 permite a atacantes remotos causar una dengaci\u00f3n de servicio (crash) y posiblemente ejecuta c\u00f3digo de forma arbitraria a trav\u00e9s de un largo (1) nombre o (2) enlace en un archivo, lo que dispara un desbordamiento de buffer (heap)"
}
],
"id": "CVE-2013-4397",
"lastModified": "2024-11-21T01:55:29.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-17T23:55:04.580",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1418.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55188"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55253"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2817"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/62922"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1029166"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1040106"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.feep.net:8080/pipermail/libtar/2013-October/000361.html"
},
{
"source": "secalert@redhat.com",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1418.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1040106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.feep.net:8080/pipermail/libtar/2013-October/000361.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://source.android.com/security/bulletin/2018-01-01"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-20 16:55
Modified
2024-11-21 01:55
Severity ?
Summary
Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7908BED9-25A3-4E8B-852D-EAC8D75745C2",
"versionEndIncluding": "1.2.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "17D20697-E839-434B-A12A-6C09A8F2D79A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0B7CEF-1B95-4FC5-94A6-834488341AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "15FDD28C-D035-4E76-BE44-E8191A487064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "10A64757-FC13-441A-9667-6222E1881B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2161B141-7C5C-4FF6-B7E7-BF06580821BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "CFEFFA4F-EF13-4CF4-AA05-CDC6DA28A383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "2E41D1E6-B7B3-4A0A-8F5A-A62BD3D6DBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feep:libtar:1.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4EC442B5-24F9-46FA-9998-87D550AC695A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de salto de directorio en las funciones (1) tar_extract_glob y (2) tar_extract_all en libtar 1.2.20 y anteriores permiten a atacantes remotos sobreescribir archivos arbitrarios a trav\u00e9s de un .. (punto punto) en un archivo TAR manipulado."
}
],
"id": "CVE-2013-4420",
"lastModified": "2024-11-21T01:55:31.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-20T16:55:05.250",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2014/dsa-2863"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731860"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.feep.net:8080/pipermail/libtar/2014-February/000403.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.feep.net:8080/pipermail/libtar/2014-February/000403.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 06:09
Severity ?
Summary
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| feep | libtar | * | |
| huawei | openeuler | 20.03 | |
| huawei | openeuler | 20.03 | |
| huawei | openeuler | 22.03 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FB33CE5-5B11-49D2-9277-67E941584A35",
"versionEndExcluding": "1.2.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:openeuler:20.03:sp1:*:*:lts:*:*:*",
"matchCriteriaId": "78AA9487-C85C-4F4F-9429-E0496080F7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:openeuler:20.03:sp3:*:*:lts:*:*:*",
"matchCriteriaId": "2E9E5CF1-3FD7-413A-BD29-0EBA0E1E6766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:openeuler:22.03:*:*:*:lts:*:*:*",
"matchCriteriaId": "435FECB5-9313-4400-A95F-8F7C9D5A0A07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda un archivo tar dise\u00f1ado con el tama\u00f1o de la estructura de encabezado siendo 0 puede ser capaz de desencadenar una llamada de malloc(0) para una variable gnu_longlink, causando una lectura fuera de l\u00edmites"
}
],
"id": "CVE-2021-33643",
"lastModified": "2024-11-21T06:09:15.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:20.450",
"references": [
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"source": "securities@openeuler.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
}
],
"sourceIdentifier": "securities@openeuler.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "securities@openeuler.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 06:09
Severity ?
Summary
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| feep | libtar | * | |
| huawei | openeuler | 20.03 | |
| huawei | openeuler | 20.03 | |
| huawei | openeuler | 22.03 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FB33CE5-5B11-49D2-9277-67E941584A35",
"versionEndExcluding": "1.2.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:openeuler:20.03:sp1:*:*:lts:*:*:*",
"matchCriteriaId": "78AA9487-C85C-4F4F-9429-E0496080F7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:openeuler:20.03:sp3:*:*:lts:*:*:*",
"matchCriteriaId": "2E9E5CF1-3FD7-413A-BD29-0EBA0E1E6766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:openeuler:22.03:*:*:*:lts:*:*:*",
"matchCriteriaId": "435FECB5-9313-4400-A95F-8F7C9D5A0A07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read."
},
{
"lang": "es",
"value": "Un atacante que env\u00eda un archivo tar dise\u00f1ado con el tama\u00f1o de la estructura de cabecera siendo 0 puede ser capaz de desencadenar una llamada de malloc(0) para una variable gnu_longname, causando una lectura fuera de l\u00edmites"
}
],
"id": "CVE-2021-33644",
"lastModified": "2024-11-21T06:09:15.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:20.517",
"references": [
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"source": "securities@openeuler.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
}
],
"sourceIdentifier": "securities@openeuler.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "securities@openeuler.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 06:09
Severity ?
Summary
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| feep | libtar | * | |
| huawei | openeuler | 20.03 | |
| huawei | openeuler | 20.03 | |
| huawei | openeuler | 22.03 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FB33CE5-5B11-49D2-9277-67E941584A35",
"versionEndExcluding": "1.2.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:openeuler:20.03:sp1:*:*:lts:*:*:*",
"matchCriteriaId": "78AA9487-C85C-4F4F-9429-E0496080F7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:openeuler:20.03:sp3:*:*:lts:*:*:*",
"matchCriteriaId": "2E9E5CF1-3FD7-413A-BD29-0EBA0E1E6766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:openeuler:22.03:*:*:*:lts:*:*:*",
"matchCriteriaId": "435FECB5-9313-4400-A95F-8F7C9D5A0A07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The th_read() function doesn\u2019t free a variable t-\u003eth_buf.gnu_longname after allocating memory, which may cause a memory leak."
},
{
"lang": "es",
"value": "La funci\u00f3n th_read() no libera una variable t-)th_buf.gnu_longname despu\u00e9s de asignar memoria, lo que puede causar una p\u00e9rdida de memoria"
}
],
"id": "CVE-2021-33646",
"lastModified": "2024-11-21T06:09:16.213",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:20.637",
"references": [
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
},
{
"source": "securities@openeuler.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"source": "securities@openeuler.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
}
],
"sourceIdentifier": "securities@openeuler.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "securities@openeuler.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}