CVE-2021-33640

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
19/12/2022
Last modified:
02/04/2025

Description

After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:openatom:openeuler:20.03:sp1:*:*:lts:*:*:*
cpe:2.3:o:openatom:openeuler:20.03:sp2:*:*:lts:*:*:*
cpe:2.3:o:openatom:openeuler:22.03:*:*:*:lts:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*