Lucene search

PRIOn knowledge basePRION:CVE-2021-33640

HistoryDec 19, 2022 - 4:15 p.m.

Memory corruption

2022-12-1916:15:00

PRIOn knowledge base

www.prio-n.com

libtar.c

use-after-free

memory corruption

list() function

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.6%

JSON

After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).

CPENameOperatorVersion
fedoraeq36
fedoraeq37
openeulereq20.3 sp2
openeulereq20.3 sp1
openeulereq22.03

Name	Operator	Version
fedora	eq	36
fedora	eq	37
openeuler	eq	20.3 sp2
openeuler	eq	20.3 sp1
openeuler	eq	22.03

References

lists.fedoraproject.org/archives/list/[email protected]/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/

lists.fedoraproject.org/archives/list/[email protected]/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/

www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageName=libtar