CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-33631 – Kernel crash in EXT4 filesystem
https://notcve.org/view.php?id=CVE-2021-33631
Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0. La vulnerabilidad de desbordamiento de enteros o envoltura en el kernel openEuler en Linux (módulos del sistema de archivos) permite el desbordamiento de enteros forzado. Este problema afecta al kernel de openEuler: desde 4.19.90 antes de 4.19.90-2401.3, desde 5.10.0-60.18.0 antes de 5.10.0-183.0 .0. A flaw was found in the openEuler kernel in Linux filesystem modules that allows an integer overflow via mounting a corrupted filesystem. This issue affects the openEuler kernel in versions from 4.19.90 through 4.19.90-2401.3 and 5.10.0-60.18.0 through 5.10.0-183.0.0. • http://www.openwall.com/lists/oss-security/2024/01/30/10 http://www.openwall.com/lists/oss-security/2024/01/30/3 http://www.openwall.com/lists/oss-security/2024/01/30/4 http://www.openwall.com/lists/oss-security/2024/01/30/5 http://www.openwall.com/lists/oss-security/2024/01/30/9 http://www.openwall.com/lists/oss-security/2024/01/31/2 http://www.openwall.com/lists/oss-security/2024/01/31/3 http://www.openwall.com/lists/oss-security/202 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33630 – NULL-ptr-deref in network sched
https://notcve.org/view.php?id=CVE-2021-33630
NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3. La vulnerabilidad de desreferencia de puntero NULL en el kernel openEuler en Linux (módulos de red) permite la manipulación de puntero. Esta vulnerabilidad está asociada con los archivos de programa net/sched/sch_cbs.C. Este problema afecta al kernel de openEuler: desde 4.19.90 antes de 4.19.90-2401.3. • http://www.openwall.com/lists/oss-security/2024/01/30/10 http://www.openwall.com/lists/oss-security/2024/01/30/3 http://www.openwall.com/lists/oss-security/2024/01/30/4 http://www.openwall.com/lists/oss-security/2024/01/30/5 http://www.openwall.com/lists/oss-security/2024/01/30/9 http://www.openwall.com/lists/oss-security/2024/01/31/2 http://www.openwall.com/lists/oss-security/2024/01/31/3 http://www.openwall.com/lists/oss-security/202 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-33640
https://notcve.org/view.php?id=CVE-2021-33640
After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free). Después de tar_close(), libtar.c libera la memoria a la que apunta el puntero t. Después de llamar a tar_close() en la función list(), continúa usando el puntero t: free_longlink_longname(t->th_buf). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageName=libtar • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33644 – libtar: out-of-bounds read in gnu_longname
https://notcve.org/view.php?id=CVE-2021-33644
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. Un atacante que envía un archivo tar diseñado con el tamaño de la estructura de cabecera siendo 0 puede ser capaz de desencadenar una llamada de malloc(0) para una variable gnu_longname, causando una lectura fuera de límites A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with size in header struct being 0 to trigger a calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T https://lists.fedoraproject.org/archives/list/package-announce%40li • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33646 – libtar: memory leak found in th_read() function
https://notcve.org/view.php?id=CVE-2021-33646
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. La función th_read() no libera una variable t-)th_buf.gnu_longname después de asignar memoria, lo que puede causar una pérdida de memoria A flaw was found in libtar. This security vulnerability occurs because the th_read() function in libtar doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T https://lists.fedoraproject.org/archives/list/package-announce%40li • CWE-401: Missing Release of Memory after Effective Lifetime •