18 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 3 views

Astra Linux - vulnerability in libtar

The th_read() function does not free the variable t->th_buf.gnu_longname after allocating memory, which may lead to a memory leak...

CVSS 7.5 · AI score 6.9 · EPSS 0.00219
Exploits 0 · References 2
AstraLinux
added 2026/05/20 5:53 a.m. · 2 views

Astra Linux - vulnerability in libtar

An attacker who submits a crafted tar file with a size of 0 in the header struct field may be able to trigger a call to malloc(0) for the variable gnu_longname, resulting in an out-of-bounds read...

CVSS 8.1 · AI score 6.9 · EPSS 0.00225
Exploits 0 · References 2
Microsoft CVE
added 2026/03/25 8:5 a.m. · 4 views

tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

...

CVSS 2 · AI score 5.8 · EPSS 0.00021
Exploits 0
OSV
added 2026/03/14 8:49 a.m. · 2 views

BIT-PYTHON-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

CVSS 2 · AI score 5.8 · EPSS 0.00021
Exploits 0 · References 7
Cvelist
added 2026/03/12 5:59 p.m. · 26 views

CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

CVSS 2 · EPSS 0.00021
Exploits 0 · References 9
Tenable Nessus
added 2026/01/20 12:0 a.m. · 2 views

MiracleLinux 8 : libtar-1.2.20-17.el8 (AXSA:2023-5561:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5561:01 advisory. libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643); libtar: out-of-bounds read in gnu_longname (CVE-2021-33644); libtar: memory leak found in threa...

CVSS 9.1 · AI score 8.3 · EPSS 0.00225
Exploits 0 · References 5
OSV
added 2025/12/27 9:4 a.m. · 4 views

RLSA-2023:2898 Moderate: libtar security update

The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Security Fixes: libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643); libtar: out-of-bounds read in gnu_longname...

CVSS 7.5 · AI score 6.5 · EPSS 0.00225
Exploits 0 · References 5
SUSE CVE
added 2024/06/04 12:57 p.m. · 1 views

SUSE CVE-2021-33646

The th_read() function doesn't free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak...

CVSS 7.5 · AI score 7 · EPSS 0.00219
Exploits 0 · References 5
RedHat Linux
added 2023/05/16 8:23 a.m. · 3 views

libtar: out-of-bounds read in gnu_longname

A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with size in header struct being 0 to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read...

CVSS 8.1 · AI score 5.7 · EPSS 0.00225
Exploits 0 · References 5
RedHat Linux
added 2023/05/16 8:23 a.m. · 3 views

libtar: memory leak found in th_read() function

A flaw was found in libtar. This security vulnerability occurs because the th_read() function in libtar doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak...

CVSS 7.5 · AI score 5.7 · EPSS 0.00219
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 3:40 a.m. · 1 views

SUSE CVE-2021-33644

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read...

CVSS 8.1 · AI score 7.1 · EPSS 0.00225
Exploits 0 · References 4
OSV
added 2022/08/10 8:15 p.m. · 1 views

DEBIAN-CVE-2021-33646

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak...

CVSS 7.5 · AI score 6.9 · EPSS 0.00219
Exploits 0 · References 1
OSV
added 2022/08/10 8:15 p.m. · 1 views

DEBIAN-CVE-2021-33644

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read...

CVSS 8.1 · AI score 7 · EPSS 0.00225
Exploits 0 · References 1
OSV
added 2022/08/10 8:15 p.m. · 1 views

AZL-34949 CVE-2021-33646 affecting package libtar for versions less than 1.2.20-11

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak...

CVSS 7.5 · AI score 6.9 · EPSS 0.00219
Exploits 0 · References 1
OSV
added 2022/08/10 8:15 p.m. · 0 views

UBUNTU-CVE-2021-33646

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak...

CVSS 7.5 · AI score 6.9 · EPSS 0.00219
Exploits 0 · References 4
OSV
added 2022/08/10 8:15 p.m. · 0 views

UBUNTU-CVE-2021-33644

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read...

CVSS 8.1 · AI score 7.2 · EPSS 0.00225
Exploits 0 · References 4
CNNVD
added 2022/08/10 12:0 a.m. · 2 views

openEuler buffer error vulnerability

openEuler is an operating system from the Open Atomics Open Source Foundation. A security vulnerability exists in versions 20.03-LTS-SP1, 20.03-LTS-SP3, and 22.03-LTS of openEuler, which stems from the fact that an attacker who submits a specially crafted tar...

CVSS 8.1 · AI score 7 · EPSS 0.00225
Exploits 0 · References 8
Positive Technologies
added 2022/08/09 12:0 a.m. · 2 views

PT-2022-10277 · Alt Linux +7

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname,...

CVSS 9.4 · AI score 7.5 · EPSS 0.00376
Exploits 0 · References 57