Vulnerability CVE-2021-33643: Information
Description
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libtar | sisyphus | 1.2.20-alt3.git.6d0ab4c | 1.2.20-alt4.git.6d0ab4c | ALT-PU-2023-7462-2 | 334852 | Fixed |
libtar | sisyphus_e2k | 1.2.20-alt3.git.6d0ab4c | 1.2.20-alt4.git.6d0ab4c | ALT-PU-2023-7541-1 | - | Fixed |
libtar | sisyphus_riscv64 | 1.2.20-alt3.git.6d0ab4c | 1.2.20-alt4.git.6d0ab4c | ALT-PU-2023-7486-1 | - | Fixed |
libtar | p10 | 1.2.20-alt4.git.6d0ab4c | 1.2.20-alt4.git.6d0ab4c | ALT-PU-2023-7618-2 | 334854 | Fixed |
libtar | p10_e2k | 1.2.20-alt4.git.6d0ab4c | 1.2.20-alt4.git.6d0ab4c | ALT-PU-2023-7713-1 | - | Fixed |