Tar
CVE-2021-20193
LOW
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionNVD
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
AnalysisAI
A flaw was found in the src/list.c of tar 1.33 and earlier. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
Technical ContextAI
This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. Affected products include: Gnu Tar.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote atta
node-tar before version 7.5.7 contains a path traversal vulnerability where inconsistent path resolution between validat
Arbitrary file overwrite in node-tar before 7.5.10 lets a malicious tar archive write files outside the intended extract
Arbitrary file overwrite and symlink poisoning in the node-tar library (versions <= 7.5.2) lets a malicious tar archive
An issue was discovered in the tar crate before 0.4.36 for Rust. Rated high severity (CVSS 7.5), this vulnerability is r
Path traversal in node-tar versions 7.5.7 and earlier allows local attackers to read and write arbitrary files outside t
node-tar is a Tar for Node.js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authenti
Symlink poisoning via race condition in node-tar up to version 7.5.3 allows attackers to exploit Unicode normalization o
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to c
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite
The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite a
Same weakness CWE-401 – Memory Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today