CVE-2021-33646 – libtar: memory leak found in th_read() function
https://notcve.org/view.php?id=CVE-2021-33646
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. La función th_read() no libera una variable t-)th_buf.gnu_longname después de asignar memoria, lo que puede causar una pérdida de memoria A flaw was found in libtar. This security vulnerability occurs because the th_read() function in libtar doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T https://lists.fedoraproject.org/archives/list/package-announce%40li • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2021-33656 – kernel: when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds
https://notcve.org/view.php?id=CVE-2021-33656
When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds. Cuando es establecida la fuente con datos maliciosos por ioctl cmd PIO_FONT, el kernel escribirá memoria fuera de límites An out-of-bounds write flaw was found in the Linux kernel’s console driver functionality in the way a user triggers the ioctl PIO_FONT with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system. • http://www.openwall.com/lists/oss-security/2022/07/19/3 https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656&packageName=kernel https://access.redhat.com/security/cve/CVE-2021-33656 https://bugzilla.redhat.com/show_bug.cgi?id=2108696 • CWE-787: Out-of-bounds Write •
CVE-2021-33658
https://notcve.org/view.php?id=CVE-2021-33658
atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration. atune versiones anteriores a 0.3-0.8, es registrado como un usuario local y ejecuta el comando curl para acceder a la interfaz url local de atune para escalar el privilegio local o modificar cualquier archivo. La autenticación no está habilitada a la fuerza en la configuración por defecto • https://www.openeuler.org/zh/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1541 • CWE-306: Missing Authentication for Critical Function •