Lucene search

K

ROSA LABROSA-SA-2023-2172

HistoryJun 20, 2023 - 10:44 a.m.

Advisory ROSA-SA-2023-2172

2023-06-2010:44:52

ROSA LAB

abf.rosalinux.ru

15

libtar 1.2.20

rosa virtualization 2.1

out-of-bounds read

memory leak

yum update

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

EPSS

0.003

Percentile

69.4%

Software: libtar 1.2.20
OS: ROSA Virtualization 2.1

package_evr_string: libtar-1.2.20-17.rv3

CVE-ID: CVE-2021-33644
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: An attacker who sends a created tar file with a size in the header structure equal to 0 could cause a call to malloc(0) for the gnu_longname variable, resulting in an out-of-bounds read.
CVE-STATUS: Fixed
CVE-REV: Run the yum update libtar command to close it

CVE-ID: CVE-2021-33646
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: The th_read() function does not free the t->th_buf.gnu_longname variable after memory allocation, which may cause a memory leak.
CVE-STATUS: Fixed
CVE-REV: Run the yum update libtar command to close it

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchlibtar< 1.2.20UNKNOWN

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

EPSS

0.003

Percentile

69.4%

Related for ROSA-SA-2023-2172

osv1 nessus14 openvas10 mageia1 oraclelinux1 rosalinux1 f51 almalinux1 redhat1 fedora5 redhatcve3 cbl_mariner6 photon5 nvd2 veracode2 alpinelinux2 prion2 cvelist2 cve2 ubuntucve2