CVE-2021-20193

medium

Description

A flaw was found in src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.

References

https://savannah.gnu.org/bugs/?59897

https://bugzilla.redhat.com/show_bug.cgi?id=1917565

https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777

https://security.gentoo.org/glsa/202105-29

Details

Source: MITRE

Published: 2021-03-26

Updated: 2021-06-03

Type: CWE-125

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:* versions up to 1.33 (inclusive)

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 156535 | EulerOS Virtualization 3.0.2.6 : tar (EulerOS-SA-2021-2861) | Nessus | Huawei Local Security Checks | medium |
| 155523 | EulerOS Virtualization 2.9.0 : tar (EulerOS-SA-2021-2791) | Nessus | Huawei Local Security Checks | medium |
| 155513 | EulerOS Virtualization 2.9.1 : tar (EulerOS-SA-2021-2760) | Nessus | Huawei Local Security Checks | medium |
| 153710 | EulerOS 2.0 SP9 : tar (EulerOS-SA-2021-2543) | Nessus | Huawei Local Security Checks | medium |
| 153670 | EulerOS 2.0 SP9 : tar (EulerOS-SA-2021-2567) | Nessus | Huawei Local Security Checks | medium |
| 153661 | EulerOS 2.0 SP8 : tar (EulerOS-SA-2021-2488) | Nessus | Huawei Local Security Checks | medium |
| 153286 | EulerOS 2.0 SP2 : tar (EulerOS-SA-2021-2434) | Nessus | Huawei Local Security Checks | medium |
| 151780 | EulerOS 2.0 SP5 : tar (EulerOS-SA-2021-2232) | Nessus | Huawei Local Security Checks | medium |
| 151347 | EulerOS Virtualization for ARM 64 3.0.2.0 : tar (EulerOS-SA-2021-2114) | Nessus | Huawei Local Security Checks | medium |
| 151223 | EulerOS Virtualization 3.0.6.6 : tar (EulerOS-SA-2021-2036) | Nessus | Huawei Local Security Checks | medium |
| 150438 | Photon OS 2.0: Tar PHSA-2021-2.0-0352 | Nessus | PhotonOS Local Security Checks | medium |
| 150243 | Photon OS 1.0: Tar PHSA-2021-1.0-0395 | Nessus | PhotonOS Local Security Checks | medium |
| 149820 | Photon OS 3.0: Tar PHSA-2021-3.0-0239 | Nessus | PhotonOS Local Security Checks | medium |
| 149145 | EulerOS 2.0 SP3 : tar (EulerOS-SA-2021-1854) | Nessus | Huawei Local Security Checks | medium |
| 148313 | openSUSE Security Update : tar (openSUSE-2021-494) | Nessus | SuSE Local Security Checks | medium |
| 148237 | SUSE SLED15 / SLES15 Security Update : tar (SUSE-SU-2021:0974-1) | Nessus | SuSE Local Security Checks | medium |
| 148233 | SUSE SLES12 Security Update : tar (SUSE-SU-2021:0975-1) | Nessus | SuSE Local Security Checks | medium |