Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 778548 (CVE-2021-20193) - <app-arch/tar-1.34: uncontrolled memory consumption (CVE-2021-20193)
Summary: <app-arch/tar-1.34: uncontrolled memory consumption (CVE-2021-20193)
Alias: CVE-2021-20193
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa+ cve]
Depends on: 777729
  Show dependency tree
Reported: 2021-03-27 04:27 UTC by John Helmert III
Modified: 2021-05-26 10:28 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-03-27 04:27:18 UTC

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.

Maintainers, please stabilize tar >=1.33
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-04-06 00:03:21 UTC
Please cleanup.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-24 01:03:04 UTC
New GLSA request filed.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 10:28:26 UTC
This issue was resolved and addressed in
 GLSA 202105-29 at
by GLSA coordinator Thomas Deutschmann (whissi).