CVE-2021-33645

HIGH

libtar - Memory Leak

Title source: llm

Description

The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.

References (7)

[Third Party Advisory] https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/01/msg00026.html

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/

Scores

CVSS v3 7.5

EPSS 0.0024

EPSS Percentile 46.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (7)

feep/libtar < 1.2.21

openatom/openeuler

openatom/openeuler

openatom/openeuler

fedoraproject/fedora

fedoraproject/fedora

fedoraproject/fedora

Timeline

Published Aug 10, 2022

Tracked Since Feb 18, 2026