CVE-2021-33646
libtar: memory leak found in th_read() function
- Severity Score: 7.5 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
A flaw was found in libtar. This security vulnerability occurs because the th_read() function in libtar doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Issues addressed include memory leak and out of bounds read vulnerabilities.
*Credits:
N/A
Timeline
- 2021-05-28 CVE Reserved
- 2022-08-09 CVE Published
- 2024-08-03 CVE Updated
- 2025-04-09 EPSS Updated
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
References (8)
URL | Tag | Source |
---|---|---|
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Feep | Libtar | < 1.2.21 | - | Affected |
Huawei | Openeuler | 20.03 | sp1, lts | Affected |
Huawei | Openeuler | 20.03 | sp3, lts | Affected |
Huawei | Openeuler | 22.03 | lts | Affected |
Fedoraproject | Fedora | 35 | - | Affected |
Fedoraproject | Fedora | 36 | - | Affected |
Fedoraproject | Fedora | 37 | - | Affected |