CVE-2021-33643

Опубликовано: 10 авг. 2022

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*

Версия до 1.2.21 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:openatom:openeuler:20.03:sp1:*:*:lts:*:*:*

cpe:2.3:o:openatom:openeuler:20.03:sp3:*:*:lts:*:*:*

cpe:2.3:o:openatom:openeuler:22.03:*:*:*:lts:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00159

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-125

Связанные уязвимости

CVE-2021-33643

CVSS3: 9.1

ubuntu

почти 3 года назад

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

CVE-2021-33643

CVSS3: 7.4

redhat

почти 3 года назад

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

CVE-2021-33643

CVSS3: 9.1

msrc

почти 3 года назад

Описание отсутствует

CVE-2021-33643

CVSS3: 9.1

debian

почти 3 года назад

An attacker who submits a crafted tar file with size in header struct ...

GHSA-j7g9-fcw9-wxcf

CVSS3: 9.1

github

почти 3 года назад

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

EPSS

Процентиль: 38%

0.00159

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-125