Published: 26/03/2021 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

A flaw was found in the src/list.c of tar 1.33 and previous versions. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu tar

Debian Bug report logs - #980525 tar: CVE-2021-20193: Memory leak in read_header() in listc Package: src:tar; Maintainer for src:tar is Janos Lenart <ocsi@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 20 Jan 2021 06:45:02 UTC Severity: important Tags: security, upstream Found in vers ...

An issue was discovered in GNU Tar 133 and earlier There is a memory leak in read_header() in listc in the tar application ...

Critical Infrastructure Sectors: Critical Manufacturing

tar custpm rpm with zstd compression support for centminmod.com LEMP stacks

tar custom rpm with zstd compression support CentOS 6 & 7 64bit Only latest tar version with zstd compression support from gitsavannahgnuorg/cgit/targit Compression options: -a, --auto-compress use archive suffix to determine the compression program -I, --use-compress-program=PROG filte

CWE-125 CWE-401 https://savannah.gnu.org/bugs/?59897 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777 https://security.gentoo.org/glsa/202105-29 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980525 https://nvd.nist.gov https://github.com/centminmod/tar-zstd https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10 https://security.archlinux.org/CVE-2021-20193

CVE-2021-20193

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect