CVE-2021-20193
Description
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
References
Issue TrackingPatchVendor Advisory
Issue TrackingPatchThird Party Advisory
Mailing ListPatchThird Party Advisory
CvssV3 impact
BaseSeverity | MEDIUM |
ConfidentialityImpact | NONE |
AttackComplexity | LOW |
Scope | UNCHANGED |
AttackVector | LOCAL |
AvailabilityImpact | HIGH |
IntegrityImpact | NONE |
PrivilegesRequired | NONE |
BaseScore | 5.5 |
VectorString | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Version | 3.1 |
UserInteraction | REQUIRED |
CvssV2 impact
AccessComplexity | MEDIUM |
ConfidentialityImpact | NONE |
AvailabilityImpact | PARTIAL |
IntegrityImpact | NONE |
BaseScore | 4.3 |
VectorString | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Version | 2.0 |
AccessVector | NETWORK |
Authentication | NONE |