CVE-2021-33643

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-33643
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807 Broken Link Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:huawei:openeuler:20.03:sp1:*:*:lts:*:*:*
cpe:2.3:o:huawei:openeuler:20.03:sp3:*:*:lts:*:*:*
cpe:2.3:o:huawei:openeuler:22.03:*:*:*:lts:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
History

23 Feb 2023, 16:16

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/ - Mailing List, Third Party Advisory
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/ - Mailing List, Third Party Advisory
References (MISC) https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807 - Third Party Advisory (MISC) https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807 - Broken Link, Third Party Advisory

16 Sep 2022, 20:01

Type Values Removed Values Added
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/ - Mailing List, Third Party Advisory
CPE cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

12 Sep 2022, 21:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/ -

05 Sep 2022, 01:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/ -

13 Aug 2022, 00:17

Type Values Removed Values Added
References (MISC) https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807 - (MISC) https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807 - Third Party Advisory
CPE cpe:2.3:o:huawei:openeuler:20.03:sp1:*:*:lts:*:*:*
cpe:2.3:o:huawei:openeuler:22.03:*:*:*:lts:*:*:*
cpe:2.3:o:huawei:openeuler:20.03:sp3:*:*:lts:*:*:*
cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.1
CWE CWE-125

10 Aug 2022, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-08-10 20:15

Updated : 2024-02-04 22:51

NVD link : CVE-2021-33643

Mitre link : CVE-2021-33643

CVE.ORG link : CVE-2021-33643

JSON object : View

Products Affected

huawei

  • openeuler

feep

  • libtar

fedoraproject

  • fedora
CWE
CWE-125

Out-of-bounds Read