cvrf2cusa/cusa/l/libtar/libtar-1.2.20-21_openEuler-SA-2022-1807.json
Jia Chao fd42fc96e3 release v0.1.2
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-08-01 10:25:22 +08:00


{
    "id": "openEuler-SA-2022-1807",
    "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1807",
    "title": "An update for libtar is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
    "severity": "Medium",
    "description": "Libtar is a C library for manipulating POSIX tar files. It handles adding and extracting files to/from a tar archive. Requires gcc, make, and zlib.\r\n\r\nSecurity Fix(es):\r\n\r\nAn attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.(CVE-2021-33643)\r\n\r\nAn attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.(CVE-2021-33644)\r\n\r\nThe th_read() function doesn't free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.(CVE-2021-33645)\r\n\r\nThe th_read() function doesn't free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.(CVE-2021-33646)",
    "cves": [
        {
            "id": "CVE-2021-33646",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33646",
            "severity": "Low"
        }
    ]
}