CVE-2021-33640

After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).

Published: Dec 19, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-33640
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
fedoraproject / fedora	36	36.x
fedoraproject / fedora	37	37.x
openatom / openeuler	20.03-sp1	20.03-sp1.x
openatom / openeuler	20.03-sp2	20.03-sp2.x
openatom / openeuler	22.03	22.03.x

https://lists.fedoraproject.org/archives/list/[email protected]/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/
https://lists.fedoraproject.org/archives/list/[email protected]/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/
https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageName=libtar

Vulnerability Database

289,784

CVE-2021-33640