#VU50978 Memory leak in Tar - CVE-2021-20193

Cybersecurity Help s.r.o.

Published: 2021-02-28 | Updated: 2023-02-21

Vulnerability identifier: #VU50978

Vulnerability risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-20193

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Tar
Client/Desktop applications / Software for archiving

Vendor: GNU

Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the read_header() function in list.c. A remote attacker can pass specially crafted archive to the application and force it to leak memory, which eventually results in a denial of service condition.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Tar: 1.0 - 1.33

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1917565
https://savannah.gnu.org/bugs/?59897
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Juniper Networks Junos cRPD

Multiple vulnerabilities in Juniper Cloud Native Router

SUSE update for tar

Multiple vulnerabilities in cflinuxfs3

Ubuntu update for tar

Gentoo update for Tar

openEuler 20.03 LTS SP1 update for tar

SUSE update for tar

Arch Linux update for tar