Astra Linux – Vulnerability in libtar

An attacker who submits a crafted tar file with a size of 0 in the header struct may be able to trigger a call to malloc0 for a variable named gnulonglink, resulting in an out-of-bounds read...

Astra Linux – Vulnerability in libtar

The thread function does not free the variable t-thbuf.gnulonglink after allocating memory, which may lead to a memory leak...

tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

...

BIT-PYTHON-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

MiracleLinux 8 : libtar-1.2.20-17.el8 (AXSA:2023-5561:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5561:01 advisory. libtar: out-of-bounds read in gnulonglink CVE-2021-33643 libtar: out-of-bounds read in gnulongname CVE-2021-33644 libtar: memory leak found in threa...

RLSA-2023:2898 Moderate: libtar security update

The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Security Fixes: libtar: out-of-bounds read in gnulonglink CVE-2021-33643 libtar: out-of-bounds read in gnulongname...

libarchive security update

An update is available for libarchive. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libarchive programming library can create and read several different...

libarchive: heap buffer over-read in header_gnu_longlink

A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service...

The vulnerability of the libtar package, related to reading data beyond the memory boundaries, allows an attacker to gain access to confidential information.

The vulnerability of the libtar package is related to the initiation of the malloc0 call for the gnulonglink variable. Exploiting this vulnerability may allow an attacker to gain access to confidential information...

SUSE CVE-2021-33645

The thread function doesn't free a variable t-thbuf.gnulonglink after allocating memory, which may cause a memory leak...

libtar: memory leak found in th_read() function

A flaw was found in libtar. This security vulnerability occurs because the thread function in libtar doesn’t free a variable t-thbuf.gnulonglink after allocating memory, which may cause a memory leak...

libtar: out-of-bounds read in gnu_longlink

A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with the size in the header struct being 0 to trigger a calling of malloc0 for a variable gnulonglink, causing an out-of-bounds read...

SUSE CVE-2021-33643

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc0 for a variable gnulonglink, causing an out-of-bounds read...

The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory which may cause a memory leak.

...

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink causing an out-of-bounds read.

...

AZL-10542 CVE-2021-33643 affecting package libtar for versions less than 1.2.20-10

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc0 for a variable gnulonglink, causing an out-of-bounds read...

DEBIAN-CVE-2021-33645

The thread function doesn’t free a variable t-thbuf.gnulonglink after allocating memory, which may cause a memory leak...

DEBIAN-CVE-2021-33643

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc0 for a variable gnulonglink, causing an out-of-bounds read...

AZL-10544 CVE-2021-33645 affecting package libtar for versions less than 1.2.20-10

The thread function doesn’t free a variable t-thbuf.gnulonglink after allocating memory, which may cause a memory leak...

UBUNTU-CVE-2021-33645

The thread function doesn’t free a variable t-thbuf.gnulonglink after allocating memory, which may cause a memory leak...