5 matches found
AZL-34950 CVE-2021-33640 affecting package libtar for versions less than 1.2.20-11
After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf). As a result, the released memory is used (use-after-free)...
AZL-34947 CVE-2021-33644 affecting package libtar for versions less than 1.2.20-11
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read...
AZL-34948 CVE-2021-33645 affecting package libtar for versions less than 1.2.20-11
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak...
AZL-34949 CVE-2021-33646 affecting package libtar for versions less than 1.2.20-11
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak...
AZL-34945 CVE-2013-4420 affecting package libtar for versions less than 1.2.20-11
Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file...