Debian Libtar vulnerabilities
6 known vulnerabilities affecting debian/libtar.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 2
Vulnerabilities
CVE-2021-33643 (CRITICAL, CVSS 9.1, 2021) - fixed in libtar 1.2.20-8+deb12u1 (bookworm)
An attacker who submits a crafted tar file whose header struct has a size of 0 may be able to trigger a call to malloc(0) for the variable gnu_longlink, causing an out-of-bounds read.
Scope: local
bookworm: resolved (fixed in 1.2.20-8+deb12u1)
bullseye: resolved (fixed in 1.2.20-8+deb12u1~deb11u1)
debian
CVE-2021-33645 (HIGH, CVSS 7.5, 2021) - fixed in libtar 1.2.20-8+deb12u1 (bookworm)
The th_read() function does not free the variable t->th_buf.gnu_longlink after allocating memory for it, which may cause a memory leak.
Scope: local
bookworm: resolved (fixed in 1.2.20-8+deb12u1)
bullseye: resolved (fixed in 1.2.20-8+deb12u1~deb11u1)
debian
CVE-2021-33646 (HIGH, CVSS 7.5, 2021) - fixed in libtar 1.2.20-8+deb12u1 (bookworm)
The th_read() function does not free the variable t->th_buf.gnu_longname after allocating memory for it, which may cause a memory leak.
Scope: local
bookworm: resolved (fixed in 1.2.20-8+deb12u1)
bullseye: resolved (fixed in 1.2.20-8+deb12u1~deb11u1)
debian
CVE-2021-33644 (HIGH, CVSS 8.1, 2021) - fixed in libtar 1.2.20-8+deb12u1 (bookworm)
An attacker who submits a crafted tar file whose header struct has a size of 0 may be able to trigger a call to malloc(0) for the variable gnu_longname, causing an out-of-bounds read.
Scope: local
bookworm: resolved (fixed in 1.2.20-8+deb12u1)
bullseye: resolved (fixed in 1.2.20-8+deb12u1~deb11u1)
debian
CVE-2013-4420 (MEDIUM, CVSS 5.8, 2013) - fixed in libtar 1.2.20-2 (bookworm)
Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.
Scope: local
bookworm: resolved (fixed in 1.2.20-2)
bullseye: resolved (fixed in 1.2.20-2)
debian
CVE-2013-4397 (MEDIUM, CVSS 6.8, 2013) - fixed in libtar 1.2.20-1 (bookworm)
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.2.20-1)
bullseye: resolved (fixed in 1.2.20-1)
debian