22 matches found
Astra Linux - vulnerability in libtar
The th_read() function does not free the variable t->th_buf.gnu_longlink after allocating memory, which may lead to a memory leak...
Astra Linux - vulnerability in libtar
An attacker who submits a crafted tar file with a size of 0 in the header struct may be able to trigger a call to malloc(0) for a variable named gnu_longlink, resulting in an out-of-bounds read...
tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
...
BIT-PYTHON-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...
MiracleLinux 8 : libtar-1.2.20-17.el8 (AXSA:2023-5561:01)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5561:01 advisory. libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643); libtar: out-of-bounds read in gnu_longname (CVE-2021-33644); libtar: memory leak found in th_rea...
RLSA-2023:2898 Moderate: libtar security update
The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Security Fixes: libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643); libtar: out-of-bounds read in gnu_longname...
libarchive security update
An update is available for libarchive. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libarchive programming library can create and read several different...
libarchive: heap buffer over-read in header_gnu_longlink
A flaw was found in the libarchive library. A specially-crafted tar file may trigger a heap-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service...
SUSE CVE-2021-33645
The th_read() function doesn't free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak...
libtar: memory leak found in th_read() function
A flaw was found in libtar. This security vulnerability occurs because the th_read() function in libtar doesn't free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak...
libtar: out-of-bounds read in gnu_longlink
A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with the size in the header struct being 0 to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...
SUSE CVE-2021-33643
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
...
The th_read() function doesn't free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
...
DEBIAN-CVE-2021-33643
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...
DEBIAN-CVE-2021-33645
The th_read() function doesn't free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak...
AZL-10544 CVE-2021-33645 affecting package libtar for versions less than 1.2.20-10
The th_read() function doesn't free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak...
AZL-10542 CVE-2021-33643 affecting package libtar for versions less than 1.2.20-10
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...
UBUNTU-CVE-2021-33643
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...
UBUNTU-CVE-2021-33645
The th_read() function doesn't free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak...