All vulnerabilities

CVE-2021-33643

Description

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Score
9.1
Severity
Critical
Ecosystem
RPM
Publish Date
August 10, 2022
Modified Date
April 16, 2026
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Versions