Vulnerability Description
In libtar.c, tar_close() frees the memory that pointer t refers to. The list() function, after calling tar_close(), continues to use t in the call free_longlink_longname(t->th_buf). The result is a use-after-free of the released TAR object.
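The ordering problem described above, as an added example that is not libtar's own code: a constructed model of TAR, th_buf, tar_close() and free_longlink_longname() (names taken from the advisory; field layout, function bodies and the instrumentation counter are assumptions), alongside the corrected tail of list() that releases the long-name buffers before the TAR object itself is freed.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed model of the objects the advisory names; field shapes are assumed, not libtar's. */
struct tar_header {
    char *gnu_longname;   /* heap buffer filled from a GNU long-name entry */
    char *gnu_longlink;   /* heap buffer filled from a GNU long-link entry */
};
typedef struct {
    int fd;
    struct tar_header th_buf;
} TAR;
static int frees_seen;    /* instrumentation only, so the release order can be checked */
/* Takes th_buf by value, as the call free_longlink_longname(t->th_buf) implies: building
   the argument reads *t, which is the use of freed memory once tar_close() has run. */
static void free_longlink_longname(struct tar_header th_buf)
{
    if (th_buf.gnu_longname != NULL) { free(th_buf.gnu_longname); frees_seen++; }
    if (th_buf.gnu_longlink != NULL) { free(th_buf.gnu_longlink); frees_seen++; }
}
/* Closes the archive and releases the TAR object; t dangles after this returns. */
static int tar_close(TAR *t)
{
    free(t);
    frees_seen++;
    return 0;
}

/* Ordering described in the advisory, kept as a comment only because it is undefined behaviour:
 *     tar_close(t);
 *     free_longlink_longname(t->th_buf);   // reads *t after free(t) */
/* Corrected tail of list(): release what th_buf owns first, then close, then never touch t. */
static int list_tail_fixed(TAR *t)
{
    free_longlink_longname(t->th_buf);
    return tar_close(t);
}

/* Small strdup stand-in so the block compiles under strict ISO C. */
static char *dup_str(const char *s) { size_t n = strlen(s) + 1; char *p = malloc(n); return p ? memcpy(p, s, n) : NULL; }
/* Constructed input: a TAR holding both long buffers. Returns 1 when the fixed tail
   closes cleanly and releases exactly the three allocations, 0 otherwise. */
int fixed_ordering_releases_everything(void)
{
    TAR *t = calloc(1, sizeof *t);
    if (t == NULL) return 0;
    t->th_buf.gnu_longname = dup_str("very/long/path/that/needed/a/gnu/longname/entry");
    t->th_buf.gnu_longlink = dup_str("very/long/symlink/target");
    frees_seen = 0;
    return list_tail_fixed(t) == 0 && frees_seen == 3;
}
```

Building with -fsanitize=address and swapping in the commented-out ordering turns the read of *t after free(t) into an immediate heap-use-after-free report, which is the quickest way to confirm a fix of this shape.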
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openatom | Openeuler | 20.03 |
| Fedoraproject | Fedora | 36 |
Related Weaknesses (CWE)
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageNa (Vendor Advisory)
FAQ
What is CVE-2021-33640?
CVE-2021-33640 is a vulnerability with a CVSS score of 6.2 (MEDIUM). After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf). As a res...
How severe is CVE-2021-33640?
CVE-2021-33640 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-33640?
Check the references section above for vendor advisories and patch information. Affected products include: Openatom Openeuler, Fedoraproject Fedora.