CVE-2021-20193

Published: Mar 26, 2021Modified: May 5, 2025

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.

Affected (1)

Products: Gnu: Tar

Gnu

1 product

Tar

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Tar	Up to 1.33

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (8)

https://bugzilla.redhat.com/show_bug.cgi?id=1917565

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

https://savannah.gnu.org/bugs/?59897

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

https://security.gentoo.org/glsa/202105-29

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1917565

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

https://savannah.gnu.org/bugs/?59897

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

https://security.gentoo.org/glsa/202105-29

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.