CVE-2021-33643

Опубликовано: 10 авг. 2022

Источник: ubuntu

Приоритет: medium

CVSS3: 9.1

Описание

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

Релиз	Статус	Примечание
devel	DNE
esm-apps/bionic	released	1.2.20-7ubuntu0.1~esm1
esm-apps/focal	released	1.2.20-8ubuntu0.20.04.1
esm-apps/jammy	released	1.2.20-8ubuntu0.22.04.1
esm-apps/noble	released	1.2.20-8.1ubuntu0.24.04.1
esm-apps/xenial	released	1.2.20-4ubuntu0.1~esm1
focal	released	1.2.20-8ubuntu0.20.04.1
jammy	released	1.2.20-8ubuntu0.22.04.1
noble	released	1.2.20-8.1ubuntu0.24.04.1
oracular	released	1.2.20-8.1ubuntu0.24.10.1

Показывать по

Ссылки на источники

9.1 Critical

CVSS3

Связанные уязвимости

CVE-2021-33643

CVSS3: 7.4

redhat

почти 3 года назад

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

CVE-2021-33643

CVSS3: 9.1

nvd

почти 3 года назад

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

CVE-2021-33643

CVSS3: 9.1

msrc

почти 3 года назад

Описание отсутствует

CVE-2021-33643

CVSS3: 9.1

debian

почти 3 года назад

An attacker who submits a crafted tar file with size in header struct ...

GHSA-j7g9-fcw9-wxcf

CVSS3: 9.1

github

почти 3 года назад

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

9.1 Critical

CVSS3

CVE-2021-33643

Описание

Пакет libtar

Ссылки на источники

Связанные уязвимости