OESA-2021-1173

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1173

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2021-1173.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2021-1173

Upstream

CVE-2021-20193

Published

2021-05-06T11:02:52Z

Modified

2025-08-12T05:06:55.983298Z

Summary

tar security update

Details

GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored.

Security Fix(es):

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.(CVE-2021-20193)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / tar

Package

Name: tar
Purl: pkg:rpm/openEuler/tar&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.32-2.oe1

Ecosystem specific

{
    "noarch": [
        "tar-help-1.32-2.oe1.noarch.rpm"
    ],
    "src": [
        "tar-1.32-2.oe1.src.rpm"
    ],
    "aarch64": [
        "tar-debugsource-1.32-2.oe1.aarch64.rpm",
        "tar-debuginfo-1.32-2.oe1.aarch64.rpm",
        "tar-1.32-2.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "tar-debugsource-1.32-2.oe1.x86_64.rpm",
        "tar-1.32-2.oe1.x86_64.rpm",
        "tar-debuginfo-1.32-2.oe1.x86_64.rpm"
    ]
}