Memory Consumption Vulnerability in Tar by GNU
CVE-2021-20193

3.3LOW

Key Information:

Vendor: Gnu
Status: Tar
Vendor: CVE Published:; 26 March 2021

What is CVE-2021-20193?

A flaw exists in the behavior of GNU Tar, specifically in src/list.c, that allows an attacker to induce uncontrolled memory consumption by submitting a specially crafted input file. This vulnerability poses threats to the availability of the system, as it can potentially lead to resource exhaustion if exploited effectively.

Affected Version(s)

tar 1.33 and earlier

References

https://bugzilla.redhat.com/show_bug.cgi?id=1917565

x_refsource_MISC

https://savannah.gnu.org/bugs/?59897

x_refsource_MISC

https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4...

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2021
Vulnerability Reserved
Dec 17, 2020

Gnu

What is CVE-2021-20193?

Affected Version(s)

References

CVSS V3.1

Timeline