Memory Consumption Vulnerability in Tar by GNU
CVE-2021-20193

3.3LOW

Key Information:

Vendor
Gnu
Status
Tar
Vendor
CVE Published:
26 March 2021

Summary

A flaw exists in the behavior of GNU Tar, specifically in src/list.c, that allows an attacker to induce uncontrolled memory consumption by submitting a specially crafted input file. This vulnerability poses threats to the availability of the system, as it can potentially lead to resource exhaustion if exploited effectively.

Affected Version(s)

tar 1.33 and earlier

References

https://bugzilla.redhat.com/show_bug.cgi?id=1917565
x_refsource_MISC
https://savannah.gnu.org/bugs/?59897
x_refsource_MISC
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4...
x_refsource_MISC

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.