Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 778548 (CVE-2021-20193)

Summary: <app-arch/tar-1.34: uncontrolled memory consumption (CVE-2021-20193)
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: base-system
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://savannah.gnu.org/bugs/?59897
Whiteboard: A3 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 777729    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-03-27 04:27:18 UTC 
CVE-2021-20193:

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.


Maintainers, please stabilize tar >=1.33
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-04-06 00:03:21 UTC 
Please cleanup.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-24 01:03:04 UTC 
New GLSA request filed.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 10:28:26 UTC 
This issue was resolved and addressed in
 GLSA 202105-29 at https://security.gentoo.org/glsa/202105-29
by GLSA coordinator Thomas Deutschmann (whissi).