CVE-2021-33643

CRITICAL

libtar <= 1.2.21 - Out-of-Bounds Read via Crafted Tar File

Title source: llm
STIX 2.1

Description

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

Scores

CVSS v3 9.1
EPSS 0.0133
EPSS Percentile 67.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-125
Status published
Products (7)
None/libtar <1.2.21
fedoraproject/fedora 35
fedoraproject/fedora 36
fedoraproject/fedora 37
feep/libtar < 1.2.21
openatom/openeuler 20.03 sp1 (2 CPE variants)
openatom/openeuler 22.03
Published Aug 10, 2022
Tracked Since Feb 18, 2026