CVE-2021-33644

Опубликовано: 10 авг. 2022

Источник: redhat

CVSS3: 6.8

EPSS Низкий

Описание

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with size in header struct being 0 to trigger a calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	libtar	Out of support scope
Red Hat Enterprise Linux 7	libtar	Out of support scope
Red Hat Enterprise Linux 8	libtar	Fixed	RHSA-2023:2898	16.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2121292libtar: out-of-bounds read in gnu_longname

EPSS

Процентиль: 41%

0.00188

Низкий

6.8 Medium

CVSS3

Связанные уязвимости

CVE-2021-33644

CVSS3: 8.1

ubuntu

около 3 лет назад

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

CVE-2021-33644

CVSS3: 8.1

nvd

около 3 лет назад

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

CVE-2021-33644

CVSS3: 8.1

msrc

около 3 лет назад

Описание отсутствует

CVE-2021-33644

CVSS3: 8.1

debian

около 3 лет назад

An attacker who submits a crafted tar file with size in header struct ...

GHSA-f326-p7mm-52h2

CVSS3: 8.1

github

около 3 лет назад

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

EPSS

Процентиль: 41%

0.00188

Низкий

6.8 Medium

CVSS3