VDB
CVE-2021-20193
CVE-2021-20193
PUBLISHED
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
EPSS 0.07% · 21.4th percentile
Risk Scores
EPSS Score
0.07%
21.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | tar | 0 |
| Ubuntu:18.04:LTS | tar | 0, *, 1.29b-2 |
| Ubuntu:Pro:16.04:LTS | tar | 1.27.1-2, 1.28-2ubuntu1, 1.28-2.1 |
| Ubuntu:20.04:LTS | tar | 1.30+dfsg-7, 0, 1.30+dfsg-7ubuntu0.20.04.1 |
| Ubuntu:Pro:14.04:LTS | tar | 0, 1.26+dfsg-8, 1.27-4 |
Exploit Intelligence
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
- TestCommand.yaml (github-poc)
- TestCommand.yaml (github-poc)
…and 6 more exploits
Timeline
- Jan 18, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-20193 third-party-advisory
- https://savannah.gnu.org/bugs/?59897 third-party-advisory
- https://ubuntu.com/security/notices/USN-5329-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-20193 third-party-advisory