CVE-2021-20193
Ubuntu Security Notice USN-5329-1
Public Exploits: 0
Exploited in Wild: -
Descriptions
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
An update that fixes one vulnerability is now available. This update for tar fixes the following issues: a memory leak in read_header in list.c. This update was imported from the SUSE:SLE-15:Update update project.
Timeline
- 2020-12-17 CVE Reserved
- 2021-03-26 CVE Published
- 2024-08-03 CVE Updated
- 2025-07-13 EPSS Updated
CWE
- CWE-125: Out-of-bounds Read
- CWE-401: Missing Release of Memory after Effective Lifetime
References (4)
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1917565 | 2023-11-07 | |
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777 | 2023-11-07 | |
https://savannah.gnu.org/bugs/?59897 | 2023-11-07 | |
https://security.gentoo.org/glsa/202105-29 | 2023-11-07 | |