CVE-2021-20193

CVE-2021-20193

Name

CVE-2021-20193

Description

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Issue Tracking	https://savannah.gnu.org/bugs/?59897
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=1917565
Mailing List	https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
Third Party Advisory	https://security.gentoo.org/glsa/202105-29

Type

URI

Issue Tracking

https://savannah.gnu.org/bugs/?59897

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1917565

Mailing List

https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777

Third Party Advisory

https://security.gentoo.org/glsa/202105-29

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gnu:tar::::::::`	tar	>= None	<= 1.33

CPE URI

Source package

Min version

Max version

cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*

tar

>= None

<= 1.33

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
tar	3.13-main	1.34-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	fixed
tar	3.12-main	1.32-r2	Carlo Landmeter <clandmeter@gmail.com>	fixed
tar	3.11-main	1.32-r2	Carlo Landmeter <clandmeter@gmail.com>	fixed
tar	3.10-main	1.32-r1	Carlo Landmeter <clandmeter@gmail.com>	fixed

Source package

Branch

Version

Maintainer

Status

tar

3.13-main

1.34-r0

Carlo Landmeter <clandmeter@alpinelinux.org>

fixed

tar

3.12-main