CVE-2021-20193

2021-03-26T00:00:00
ID UB:CVE-2021-20193
Type ubuntucve
Reporter ubuntu.com
Modified 2021-03-26T00:00:00

Description

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.

Bugs

  • <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980525>
  • <https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1912091>

Notes

Author| Note
---|---
sbeattie | the tar command failed to free memory. As this is a command line tool denial of service, this has been rated as priority low