235 matches found
CVE-2013-4420 affecting package libtar for versions less than 1.2.20-11
CVE-2013-4420 affecting package libtar for versions less than 1.2.20-11. A patched version of the package is available...
CVE-2021-33645 affecting package libtar for versions less than 1.2.20-11
CVE-2021-33645 affecting package libtar for versions less than 1.2.20-11. A patched version of the package is available...
CVE-2021-33646 affecting package libtar for versions less than 1.2.20-11
CVE-2021-33646 affecting package libtar for versions less than 1.2.20-11. A patched version of the package is available...
CVE-2021-33644 affecting package libtar for versions less than 1.2.20-11
CVE-2021-33644 affecting package libtar for versions less than 1.2.20-11. A patched version of the package is available...
CVE-2021-33640 affecting package libtar for versions less than 1.2.20-11
CVE-2021-33640 affecting package libtar for versions less than 1.2.20-11. A patched version of the package is available...
K000135439: libtar vulnerabilities CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646
Security Advisory Description: CVE-2021-33643: An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. CVE-2021-33644: An attacker who submits a crafted tar file with size in...
Advisory ROSA-SA-2023-2172
Software: libtar 1.2.20 OS: ROSA Virtualization 2.1 packageevrstring: libtar-1.2.20-17.rv3 CVE-ID: CVE-2021-33644 BDU-ID: None CVE-Crit: HIGH CVE-DESC: An attacker who sends a created tar file with a size in the header structure equal to 0 could cause a call to malloc(0) for the gnu_longname variabl...
EulerOS Virtualization 3.0.6.0 : libtar (EulerOS-SA-2023-2224)
According to the versions of the libtar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list function, it continues ...
Huawei EulerOS: Security Advisory for libtar (EulerOS-SA-2023-2224)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : libtar (ELSA-2023-2898)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2898 advisory. - fix use-after-free bugs introduced by incorrect memleak fixes (CVE-2021-33640) - fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-3364...
libtar security update
1.2.20-17 - fix use-after-free bugs introduced by incorrect memleak fixes (CVE-2021-33640) 1.2.20-16 - fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646) - fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)...
Critical Photon OS Security Update - PHSA-2023-5.0-0010
Updates of 'libtar', 'emacs', 'apr', 'containerd', 'libksba', 'strongswan' packages of Photon OS have been released...
AlmaLinux 8 : libtar (ALSA-2023:2898)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:2898 advisory. - An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink,...
RHEL 8 : libtar (RHSA-2023:2898)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:2898 advisory. The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the...
libtar: memory leak found in th_read() function
A flaw was found in libtar. This security vulnerability occurs because the thread function in libtar doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak...
libtar: out-of-bounds read in gnu_longname
A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with size in header struct being 0 to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read...
libtar: memory leak found in th_read() function
A flaw was found in libtar. This security vulnerability occurs because the thread function in libtar doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak...
libtar: out-of-bounds read in gnu_longlink
A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with the size in the header struct being 0 to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...
Moderate: Red Hat Security Advisory: libtar security update
An update for libtar is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
CentOS 8 : libtar (CESA-2023:2898)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:2898 advisory. - An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink...