6 matches found
CVE-2021-33646
CVE-2021-33646 affects the libtar library. The root cause is a memory leak in th_read() where t->th_buf.gnu_longname is not freed after allocation, as documented across multiple advisories (including Debian DLA-4033-1, CBLMariner entries, AlmaLinux ALSA-2023:2898, and OpenEuler/CNNVD reference...
CVE-2021-33645
CVE-2021-33645 is a memory leak in libtar's th_read() function, which does not free t->th_buf.gnu_longlink after allocation. Connected advisories confirm that multiple distributions are affected, with the affected version range varying by distribution (e.g., libtar ≤ 1.2.20-11 in some cases; sometimes ≤ 1.2.20-10 or 1....
CVE-2021-33643
CVE-2021-33643 is a vulnerability in the libtar library where an attacker submitting a crafted tar file with a header size of 0 can trigger a call to malloc(0) for gnu_longlink, leading to an out-of-bounds read. The issue is documented across multiple connected sources (open-source Linux distribu...
CVE-2021-33644
CVE-2021-33644 affects libtar. A crafted tar header with size 0 may trigger malloc(0) for gnu_longname, causing an out-of-bounds read. Multiple third-party advisories confirm libtar updates (e.g., patched versions such as 1.2.20-11 in various distributions) as a remediation. No exploitation detai...
CVE-2013-4420
CVE-2013-4420 affects libtar 1.2.20 and earlier, where tar_extract_glob and tar_extract_all are vulnerable to directory traversal via .. in crafted tar files, allowing remote overwrite of arbitrary files. Several connected advisories confirm affected versions and note a patched version is availab...
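The check that closes the traversal described for CVE-2013-4420, written here as an added example in C; it is not libtar's own code nor the distribution patch, and the function names, result codes and component limit are assumptions. It lexically normalises a member name relative to the extraction root: "." and empty components are dropped, ".." pops the previous component, and a ".." with nothing left to pop (or an absolute name) is rejected outright instead of being clamped.

```c
#include <string.h>

#define MAX_COMPONENTS 64   /* assumed limit on path depth for this example */

/* Result codes (illustrative, not libtar's). */
#define PATH_OK        0
#define PATH_ABSOLUTE -1   /* leading '/' would bypass the extraction root */
#define PATH_ESCAPES  -2   /* ".." climbs above the extraction root */
#define PATH_EMPTY    -3   /* resolves to the root itself; nothing to create */
#define PATH_TOOLONG  -4   /* too many components or output buffer too small */

/* Normalise `name` into a clean path relative to the extraction root. */
int sanitize_tar_path(const char *name, char *out, size_t outlen)
{
    const char *comp[MAX_COMPONENTS];
    size_t len[MAX_COMPONENTS];
    size_t n = 0, pos = 0, i;
    const char *p = name;

    if (*p == '/')
        return PATH_ABSOLUTE;

    while (*p != '\0') {
        const char *start = p;
        size_t l;
        while (*p != '\0' && *p != '/')
            p++;
        l = (size_t)(p - start);
        if (*p == '/')
            p++;                                   /* skip the separator */
        if (l == 0 || (l == 1 && start[0] == '.'))
            continue;                              /* "" (from "//") or "." */
        if (l == 2 && start[0] == '.' && start[1] == '.') {
            if (n == 0)
                return PATH_ESCAPES;               /* nothing left to pop: traversal */
            n--;
            continue;
        }
        if (n == MAX_COMPONENTS)
            return PATH_TOOLONG;
        comp[n] = start;
        len[n] = l;
        n++;
    }
    if (n == 0)
        return PATH_EMPTY;

    /* Rebuild the cleaned path, checking space for separator, component and NUL. */
    for (i = 0; i < n; i++) {
        if (pos + (i ? 1 : 0) + len[i] + 1 > outlen)
            return PATH_TOOLONG;
        if (i)
            out[pos++] = '/';
        memcpy(out + pos, comp[i], len[i]);
        pos += len[i];
    }
    out[pos] = '\0';
    return PATH_OK;
}

/* Helpers for exercising the check on constructed member names. */
int sanitize_code(const char *name)
{
    char buf[256];
    return sanitize_tar_path(name, buf, sizeof buf);
}

int sanitize_matches(const char *name, const char *expected)
{
    char buf[256];
    return sanitize_tar_path(name, buf, sizeof buf) == PATH_OK && strcmp(buf, expected) == 0;
}
```

Apply the same check to every name an extractor will create, including hard-link targets. The check is purely lexical: it does not defend against a symlink extracted earlier in the same archive that points outside the root, so extraction should additionally refuse to follow symlinks when opening the destination (for example with openat() and O_NOFOLLOW, or by lstat()ing each component).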
CVE-2013-4397
CVE-2013-4397 affects libtar prior to 1.2.20. Integer overflows in the th_read() function in lib/block.c enable a heap-based buffer overflow when processing long names or links in tar archives. Exploitation could result in remote d...
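The five th_read() entries above (CVE-2021-33646/33645 leaks, CVE-2021-33643/33644 malloc(0) reads, CVE-2013-4397 integer overflow) share one code path: reading a GNU 'L' or 'K' pseudo-header, taking its size field, allocating, and copying the data blocks. The following is an added example in C of that path with each of the three failure modes closed; it is not libtar's code or any distribution's patch, and the struct, function names, result codes and the 1 MiB cap are assumptions. The size field is parsed with wrap checks, a size of 0 is refused before any allocation, the size is bounded before the block rounding so the arithmetic cannot overflow, and any earlier allocation in the slot is freed first.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define T_BLOCKSIZE  512         /* tar block size */
#define T_LONGNAME   'L'         /* GNU long-name pseudo-header typeflag */
#define MAX_LONGNAME (1u << 20)  /* assumed sanity cap on a long name: 1 MiB */

/* Result codes (illustrative, not libtar's). */
#define ERR_OK        0
#define ERR_BADSIZE  -1  /* size field is not octal */
#define ERR_ZERO     -2  /* size field is 0: would lead to malloc(0) */
#define ERR_TOOBIG   -3  /* size exceeds the cap or would wrap the parser */
#define ERR_SHORT    -4  /* archive ends before the declared bytes */
#define ERR_ALLOC    -5
#define ERR_MISMATCH -6  /* demo only: parsed name differs from the expected one */

/* Stand-in for the fields libtar keeps in t->th_buf (hypothetical struct). */
struct tar_ctx { char *gnu_longname; char *gnu_longlink; };

/* Parse the 12-byte octal size field at offset 124 of a ustar header.
 * Leading spaces and a NUL or space terminator are accepted; non-octal
 * characters, an empty field and values that would wrap are rejected. */
static int parse_octal_size(const unsigned char *field, size_t fieldlen, uint64_t *out)
{
    uint64_t val = 0;
    size_t i = 0, digits = 0;
    while (i < fieldlen && field[i] == ' ')
        i++;
    for (; i < fieldlen && field[i] != '\0' && field[i] != ' '; i++) {
        if (field[i] < '0' || field[i] > '7')
            return ERR_BADSIZE;
        if (val > (UINT64_MAX >> 3))   /* val * 8 would wrap */
            return ERR_TOOBIG;
        val = (val << 3) | (uint64_t)(field[i] - '0');
        digits++;
    }
    if (digits == 0)
        return ERR_BADSIZE;
    *out = val;
    return ERR_OK;
}

/* Consume a GNU 'L' header and its data blocks into t->gnu_longname. */
int read_gnu_longname(struct tar_ctx *t, const unsigned char hdr[T_BLOCKSIZE],
                      const unsigned char *data, size_t datalen)
{
    uint64_t sz;
    size_t alloc;
    int rc;

    free(t->gnu_longname);       /* leak fix: an earlier 'L' header may have filled this slot */
    t->gnu_longname = NULL;
    rc = parse_octal_size(hdr + 124, 12, &sz);
    if (rc != ERR_OK)
        return rc;
    if (sz == 0)                 /* malloc(0) followed by a read is an out-of-bounds read */
        return ERR_ZERO;
    if (sz > MAX_LONGNAME)       /* bounded before the block rounding, so it cannot wrap */
        return ERR_TOOBIG;
    if (datalen < sz)            /* never read past the bytes the archive actually holds */
        return ERR_SHORT;
    alloc = (((size_t)sz + T_BLOCKSIZE - 1) / T_BLOCKSIZE) * T_BLOCKSIZE + 1; /* +1 for NUL */
    t->gnu_longname = malloc(alloc);
    if (t->gnu_longname == NULL)
        return ERR_ALLOC;
    memcpy(t->gnu_longname, data, (size_t)sz);
    t->gnu_longname[sz] = '\0';
    return ERR_OK;
}

/* Constructed inputs for exercising the checks (not data from any CVE report):
 * build a 512-byte 'L' header whose size field holds `sizefield`. */
static void build_longname_header(unsigned char hdr[T_BLOCKSIZE], const char *sizefield)
{
    size_t n = strlen(sizefield);
    memset(hdr, 0, T_BLOCKSIZE);
    hdr[156] = T_LONGNAME;
    memcpy(hdr + 124, sizefield, n < 12 ? n : 12);
}

/* Run one scenario and return its result code. A stale allocation is planted
 * first so the free() path is exercised; when `expected` is non-NULL the
 * parsed name must match it exactly. */
int demo_read_longname(const char *sizefield, const char *payload, const char *expected)
{
    unsigned char hdr[T_BLOCKSIZE];
    struct tar_ctx t = { NULL, NULL };
    int rc;
    build_longname_header(hdr, sizefield);
    t.gnu_longname = malloc(16);     /* pretend a previous header left this behind */
    rc = read_gnu_longname(&t, hdr, (const unsigned char *)payload, strlen(payload));
    if (rc == ERR_OK && expected != NULL && strcmp(t.gnu_longname, expected) != 0)
        rc = ERR_MISMATCH;
    free(t.gnu_longname);
    free(t.gnu_longlink);
    return rc;
}
```

The same routine applies unchanged to the 'K' (gnu_longlink) case by swapping the target field. The explicit cap is what makes the rounding arithmetic safe on every platform; bounds expressed in terms of INT_MAX alone still break when size_t and int differ in width.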