Lucene search
F5F5:K000135439HistoryJul 13, 2023 - 12:00 a.m.
K000135439 : libtar vulnerabilities CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646
2023-07-1300:00:00
my.f5.com
7
libtar
vulnerabilities
crafted tar file
malloc(0)
out-of-bounds read
memory leak
Security Advisory Description
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
osv
osv
Moderate: libtar security update
2023-05-16 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0335)
2022-09-19 00:00:00
Fedora: Security Advisory for libtar (FEDORA-2022-50e8a1b51d)
2022-09-05 00:00:00
Fedora: Security Advisory for libtar (FEDORA-2022-44a20bba43)
2022-09-13 00:00:00
nessus
nessus
EulerOS 2.0 SP5 : libtar (EulerOS-SA-2022-2713)
2022-11-04 00:00:00
EulerOS Virtualization 3.0.2.0 : libtar (EulerOS-SA-2023-1753)
2023-05-06 00:00:00
AlmaLinux 8 : libtar (ALSA-2023:2898)
2023-05-20 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2150
2023-04-11 14:06:36
Advisory ROSA-SA-2023-2172
2023-06-20 10:44:52
mageia
mageia
Updated libtar packages fix security vulnerability
2022-09-16 22:39:55
oraclelinux
oraclelinux
libtar security update
2023-05-24 00:00:00
almalinux
almalinux
Moderate: libtar security update
2023-05-16 00:00:00
redhat
redhat
(RHSA-2023:2898) Moderate: libtar security update
2023-05-16 05:57:35
fedora
fedora
[SECURITY] Fedora 37 Update: libtar-1.2.20-25.fc37
2022-09-12 17:51:59
[SECURITY] Fedora 36 Update: libtar-1.2.20-26.fc36
2022-12-28 01:40:22
[SECURITY] Fedora 36 Update: libtar-1.2.20-25.fc36
2022-09-04 22:48:49
photon
photon
Critical Photon OS Security Update - PHSA-2022-0509
2022-08-18 00:00:00
Critical Photon OS Security Update - PHSA-2022-0231
2022-08-17 00:00:00
Critical Photon OS Security Update - PHSA-2022-4.0-0231
2022-08-17 00:00:00
redhatcve
redhatcve
cbl_mariner
cbl_mariner
CVE-2021-33644 affecting package libtar for versions less than 1.2.20-10
2022-09-16 06:05:32
CVE-2021-33643 affecting package libtar 1.2.20-8
2022-09-17 05:56:33
CVE-2021-33646 affecting package libtar 1.2.20-10
2022-09-17 05:56:33
alpinelinux
alpinelinux
veracode
veracode
Denial Of Service (DoS)
2022-08-11 05:39:46
Denial Of Service (DoS)
2022-08-11 05:34:58
Denial Of Service (DoS)
2022-08-11 05:17:38
nvd
nvd
cvelist
cvelist
prion
prion
Memory corruption
2022-08-10 20:15:00
Out-of-bounds
2022-08-10 20:15:00
Memory corruption
2022-08-10 20:15:00
ubuntucve
ubuntucve
cve
cve