CVE-2021-33640

CVSS V2 None CVSS V3 None
Description
After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).
Overview
  • CVE ID
  • CVE-2021-33640
  • Assigner
  • securities@openeuler.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-19T16:15:10
  • Last Modified Date
  • 2022-12-29T18:54:10
Weakness Enumerations
CWE URL
CWE-416 http://cwe.mitre.org/data/definitions/416.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:o:huawei:openeuler:20.03:sp1:*:*:lts:*:*:* 1 OR
cpe:2.3:o:huawei:openeuler:20.03:sp2:*:*:lts:*:*:* 1 OR
cpe:2.3:o:huawei:openeuler:22.03:*:*:*:lts:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/
https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageName=libtar
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2021-33640
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33640
History
Created Old Value New Value Data Type Notes
2022-12-19 16:16:52 Added to TrackCVE
2022-12-19 17:13:46 2022-12-19T16:15:10.840 2022-12-19T16:15:10 CVE Published Date updated
2022-12-19 17:13:46 2022-12-19T16:52:28 CVE Modified Date updated
2022-12-19 17:13:46 Received Awaiting Analysis Vulnerability Status updated
2022-12-21 21:14:08 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-21 21:14:08 Weakness Enumeration new
2022-12-22 17:15:28 2022-12-22T16:15:26 CVE Modified Date updated
2022-12-28 03:15:45 2022-12-28T03:15:09 CVE Modified Date updated
2022-12-28 03:15:46 References updated
2022-12-28 04:18:28 2022-12-28T04:15:09 CVE Modified Date updated
2022-12-28 04:18:29 References updated
2022-12-29 19:14:23 2022-12-29T18:54:10 CVE Modified Date updated
2022-12-29 19:14:23 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-29 19:14:24 CPE Information updated