Your submission was sent successfully! Close

CVE-2021-20193

Published: 26 March 2021

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
tar
Launchpad, Ubuntu, Debian
bionic
Released (1.29b-2ubuntu0.3)
focal
Released (1.30+dfsg-7ubuntu0.20.04.2)
groovy Ignored
(reached end-of-life)
hirsute
Released (1.34+dfsg-1build1)
impish
Released (1.34+dfsg-1build1)
precise Ignored
(end of ESM support, was needs-triage)
trusty
Released (1.27.1-1ubuntu0.1+esm2)
upstream
Released (1.34)
xenial
Released (1.28-2.1ubuntu0.2+esm1)