Vulnerability CVE-2021-33643: Information

Description

An attacker who submits a crafted tar file in which the size field of the header struct is 0 may be able to trigger a call to malloc(0) for the variable gnu_longlink, causing an out-of-bounds read.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Published: Aug. 10, 2022
Modified: Nov. 7, 2023
Error type identifier: CWE-125

Fixed packages

Package name  Branch            Fixed in version         Version from repository  Errata ID           Task #  State
libtar        sisyphus          1.2.20-alt3.git.6d0ab4c  1.2.20-alt4.git.6d0ab4c  ALT-PU-2023-7462-2  334852  Fixed
libtar        sisyphus_e2k      1.2.20-alt3.git.6d0ab4c  1.2.20-alt4.git.6d0ab4c  ALT-PU-2023-7541-1  -       Fixed
libtar        sisyphus_riscv64  1.2.20-alt3.git.6d0ab4c  1.2.20-alt4.git.6d0ab4c  ALT-PU-2023-7486-1  -       Fixed
libtar        p10               1.2.20-alt4.git.6d0ab4c  1.2.20-alt4.git.6d0ab4c  ALT-PU-2023-7618-2  334854  Fixed
libtar        p10_e2k           1.2.20-alt4.git.6d0ab4c  1.2.20-alt4.git.6d0ab4c  ALT-PU-2023-7713-1  -       Fixed

References to Advisories, Solutions, and Tools

      Configuration 1

      cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*
      End excluding
      1.2.21

      Configuration 2

      cpe:2.3:o:huawei:openeuler:20.03:sp3:*:*:lts:*:*:*

      cpe:2.3:o:huawei:openeuler:20.03:sp1:*:*:lts:*:*:*

      cpe:2.3:o:huawei:openeuler:22.03:*:*:*:lts:*:*:*

      Configuration 3

      cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*