VDB
GCVE-110-MAGEIA-2022-335
GCVE-110-MAGEIA-2022-335
Advisory Published
An attacker who submits a crafted tar file with size in header struct
being 0 may be able to trigger an calling of malloc(0) for a variable
gnu_longlink, causing an out-of-bounds read. (CVE-2021-33643)
An attacker who submits a crafted tar file with size in header struct
being 0 may be able to trigger an calling of malloc(0) for a variable
gnu_longname, causing an out-of-bounds read. (CVE-2021-33644)
The th_read() function doesn't free a variable t->th_buf.gnu_longlink
after allocating memory, which may cause a memory leak. (CVE-2021-33645)
The th_read() function doesn't free a variable t->th_buf.gnu_longname
after allocating memory, which may cause a memory leak. (CVE-2021-33646)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | libtar | 1.2.20-9.1.mga8 (unaffected), 0 (affected) | — |
Browse GCVE Records
73,053 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.