
19 matches found

AstraLinux
added 6 days ago, 3 views

Astra Linux – Vulnerability in libtar

An attacker who submits a crafted tar file with a size of 0 in the header struct field may be able to trigger a call to malloc(0) for the variable gnu_longname, resulting in an out-of-bounds read...

CVSS 8.1, AI score 7, EPSS 0.01127
Exploits 0, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in libtar

The th_read() function does not free the variable t->th_buf.gnu_longname after allocating memory, which may lead to a memory leak...

CVSS 7.5, AI score 6.9, EPSS 0.01431
Exploits 0, References 2
Microsoft CVE
added 2026/03/25 8:5 a.m., 6 views

tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

...

CVSS 3.3, AI score 5.8, EPSS 0.00164
Exploits 0
OSV
added 2026/03/14 8:49 a.m., 9 views

BIT-PYTHON-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

CVSS 3.3, AI score 5.8, EPSS 0.00164
Exploits 0, References 7
Cvelist
added 2026/03/12 5:59 p.m., 56 views

CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

CVSS 2, EPSS 0.00164
Exploits 0, References 9
Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 8 : libtar-1.2.20-17.el8 (AXSA:2023-5561:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5561:01 advisory. libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643); libtar: out-of-bounds read in gnu_longname (CVE-2021-33644); libtar: memory leak found in threa...

CVSS 9.1, AI score 8.3, EPSS 0.01431
Exploits 0, References 5
OSV
added 2025/12/27 9:4 a.m., 8 views

RLSA-2023:2898 Moderate: libtar security update

The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Security Fixes: libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643); libtar: out-of-bounds read in gnu_longname...

CVSS 7.5, AI score 6.5, EPSS 0.01431
Exploits 0, References 5
BDU FSTEC
added 2025/04/28 12:0 a.m., 5 views

The vulnerability of the libtar package, related to reading data beyond the memory boundaries, allows an attacker to gain access to confidential information.

The vulnerability of the libtar package is related to the initiation of the malloc(0) call for the variable gnu_longname. Exploiting this vulnerability may allow an attacker to gain access to confidential information...

CVSS 9.4, AI score 6.9, EPSS 0.01127
Exploits 0, References 11, Affected Software 7
SUSE CVE
added 2024/06/04 12:57 p.m., 1 views

SUSE CVE-2021-33646

The th_read() function doesn't free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak...

CVSS 7.5, AI score 7, EPSS 0.01431
Exploits 0, References 5
RedHat Linux
added 2023/05/16 8:23 a.m., 3 views

libtar: out-of-bounds read in gnu_longname

A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with size in header struct being 0 to trigger a calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read...

CVSS 8.1, AI score 5.7, EPSS 0.01127
Exploits 0, References 5
RedHat Linux
added 2023/05/16 8:23 a.m., 3 views

libtar: memory leak found in th_read() function

A flaw was found in libtar. This security vulnerability occurs because the th_read() function in libtar doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak...

CVSS 7.5, AI score 5.7, EPSS 0.01431
Exploits 0, References 5
SUSE CVE
added 2023/02/15 3:40 a.m., 2 views

SUSE CVE-2021-33644

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read...

CVSS 8.1, AI score 7.1, EPSS 0.01127
Exploits 0, References 4
OSV
added 2022/08/10 8:15 p.m., 1 views

DEBIAN-CVE-2021-33646

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak...

CVSS 7.5, AI score 6.9, EPSS 0.01431
Exploits 0, References 1
OSV
added 2022/08/10 8:15 p.m., 1 views

DEBIAN-CVE-2021-33644

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read...

CVSS 8.1, AI score 7, EPSS 0.01127
Exploits 0, References 1
OSV
added 2022/08/10 8:15 p.m., 5 views

AZL-34949 CVE-2021-33646 affecting package libtar for versions less than 1.2.20-11

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak...

CVSS 7.5, AI score 6.9, EPSS 0.01431
Exploits 0, References 1
OSV
added 2022/08/10 8:15 p.m., 0 views

UBUNTU-CVE-2021-33646

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak...

CVSS 7.5, AI score 6.9, EPSS 0.01431
Exploits 0, References 4
OSV
added 2022/08/10 8:15 p.m., 0 views

UBUNTU-CVE-2021-33644

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read...

CVSS 8.1, AI score 7.2, EPSS 0.01127
Exploits 0, References 4
CNNVD
added 2022/08/10 12:0 a.m., 3 views

openEuler buffer error vulnerability

openEuler is an operating system from the Open Atomics Open Source Foundation. A security vulnerability exists in versions 20.03-LTS-SP1, 20.03-LTS-SP3, and 22.03-LTS of openEuler, which stems from the fact that an attacker who submits a specially crafted tar...

CVSS 8.1, AI score 7, EPSS 0.01127
Exploits 0, References 8
Positive Technologies
added 2022/08/09 12:0 a.m., 3 views

PT-2022-10277 · Alt Linux +7

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname,...

CVSS 9.4, AI score 7.5, EPSS 0.03277
Exploits 0, References 57