CVE-2021-33640 — Use After Free in Azl3 Libtar 1.2.20-11 ON Azure Linux 3.0

CWE-416 — Use After Free4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.3%

top 48.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openeuler 20.03 LTS SP1 Openeuler 20.03 LTS SP3 Openeuler 22.03 LTS +11 more

Timeline

PublishedDec 19

Description

After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages13 packages

▶msrcmsrc/cm1_libtar_1.2.20-11_on_cbl_mariner_1.0

▶msrcmsrc/azl3_libtar_1.2.20-11_on_azure_linux_3.0

▶msrcmsrc/cbl2_libtar_1.2.20-11_on_cbl_mariner_2.0

▶NVDopenatom/openeuler20.03, 22.03+1

▶msrcmsrc/azure_linux_3.0_arm

Also affects: Fedora 36, 37

🔴Vulnerability Details

GHSA

GHSA-pjrv-5vw3-5frj: After tar_close(), libtar↗2022-12-19

▶

📋Vendor Advisories

Microsoft

After tar_close() libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function it continues to use pointer t: free_longlink_longname(t->th_buf) . As a resul↗2022-12-13

▶

Red Hat

libtar: fixes for CVE-2021-33645 and CVE-2021-33646 introduced new use-after-free bugs in libtar↗2022-12-09

▶