CVE-2021-33643

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807	Broken Link Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/01/msg00026.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807	Broken Link Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:openatom:openeuler:20.03:sp1:::lts:::*
	cpe:2.3:o:openatom:openeuler:20.03:sp3:::lts:::*
	cpe:2.3:o:openatom:openeuler:22.03::::lts:::

Configuration 3 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

History

03 Nov 2025, 21:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/01/msg00026.html -

02 Apr 2025, 18:33

Type	Values Removed	Values Added
CPE	cpe:2.3:o:huawei:openeuler:20.03:sp3:::lts:::* cpe:2.3:o:huawei:openeuler:22.03::::lts::: cpe:2.3:o:huawei:openeuler:20.03:sp1:::lts:::*	cpe:2.3:o:openatom:openeuler:20.03:sp3:::lts:::* cpe:2.3:o:openatom:openeuler:22.03::::lts::: cpe:2.3:o:openatom:openeuler:20.03:sp1:::lts:::*
First Time		Openatom openeuler Openatom

Information

Published : 2022-08-10 20:15

Updated : 2025-11-03 21:15

NVD link : CVE-2021-33643

Mitre link : CVE-2021-33643

CVE.ORG link : CVE-2021-33643

JSON object : View

Products Affected

fedoraproject

fedora

feep

libtar

openatom

openeuler

CWE

CWE-125

Out-of-bounds Read

9.1 /10