csaf_suse - suse-su-2022:1548-1

suse-su-2022:1548-1

Vulnerability from csaf_suse

Published

2022-05-05 14:45

Modified

2022-05-05 14:45

Summary

Security update for tar

Notes

Title of the patch

Security update for tar

Description of the patch

This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived.

Patchnames

SUSE-2022-1548,SUSE-SLE-Module-Basesystem-15-SP3-2022-1548,SUSE-SLE-Product-RT-15-SP2-2022-1548,SUSE-SUSE-MicroOS-5.0-2022-1548,SUSE-SUSE-MicroOS-5.1-2022-1548,SUSE-SUSE-MicroOS-5.2-2022-1548,openSUSE-SLE-15.3-2022-1548

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tar",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tar fixes the following issues:\n\n- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).\n- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).\n- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).\n\n- Update to GNU tar 1.34:\n  * Fix extraction over pipe\n  * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)\n  * Fix extraction when . and .. are unreadable\n  * Gracefully handle duplicate symlinks when extracting\n  * Re-initialize supplementary groups when switching to user\n    privileges\n\n- Update to GNU tar 1.33:\n  * POSIX extended format headers do not include PID by default\n  * --delay-directory-restore works for archives with reversed\n    member ordering\n  * Fix extraction of a symbolic link hardlinked to another\n    symbolic link\n  * Wildcards in exclude-vcs-ignore mode don\u0027t match slash\n  * Fix the --no-overwrite-dir option\n  * Fix handling of chained renames in incremental backups\n  * Link counting works for file names supplied with -T\n  * Accept only position-sensitive (file-selection) options in file\n    list files\n\n- prepare usrmerge (bsc#1029961)\n\n- Update to GNU 1.32\n  * Fix the use of --checkpoint without explicit --checkpoint-action\n  * Fix extraction with the -U option\n  * Fix iconv usage on BSD-based systems\n  * Fix possible NULL dereference (savannah bug #55369)\n    [bsc#1130496] [CVE-2019-9923]\n  * Improve the testsuite\n\n- Update to GNU 1.31\n  * Fix heap-buffer-overrun with --one-top-level, bug introduced\n    with the addition of that option in 1.28\n  * Support for zstd compression\n  * New option \u0027--zstd\u0027 instructs tar to use zstd as compression\n    program. When listing, extractng and comparing, zstd compressed\n    archives are recognized automatically. When \u0027-a\u0027 option is in\n    effect, zstd compression is selected if the destination archive\n    name ends in \u0027.zst\u0027 or \u0027.tzst\u0027.\n  * The -K option interacts properly with member names given in the\n    command line. Names of members to extract can be specified along\n    with the \u0027-K NAME\u0027 option. In this case, tar will extract NAME\n    and those of named members that appear in the archive after it,\n    which is consistent with the semantics of the option. Previous\n    versions of tar extracted NAME, those of named members that\n    appeared before it, and everything after it.\n  * Fix CVE-2018-20482 - When creating archives with the --sparse\n    option, previous versions of tar would loop endlessly if a\n    sparse file had been truncated while being archived.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2022-1548,SUSE-SLE-Module-Basesystem-15-SP3-2022-1548,SUSE-SLE-Product-RT-15-SP2-2022-1548,SUSE-SUSE-MicroOS-5.0-2022-1548,SUSE-SUSE-MicroOS-5.1-2022-1548,SUSE-SUSE-MicroOS-5.2-2022-1548,openSUSE-SLE-15.3-2022-1548",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1548-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2022:1548-1",
        "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221548-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2022:1548-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/010950.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1029961",
        "url": "https://bugzilla.suse.com/1029961"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1120610",
        "url": "https://bugzilla.suse.com/1120610"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1130496",
        "url": "https://bugzilla.suse.com/1130496"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1181131",
        "url": "https://bugzilla.suse.com/1181131"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20482 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20482/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-9923 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-9923/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-20193 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-20193/"
      }
    ],
    "title": "Security update for tar",
    "tracking": {
      "current_release_date": "2022-05-05T14:45:44Z",
      "generator": {
        "date": "2022-05-05T14:45:44Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2022:1548-1",
      "initial_release_date": "2022-05-05T14:45:44Z",
      "revision_history": [
        {
          "date": "2022-05-05T14:45:44Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tar-1.34-150000.3.12.1.aarch64",
                "product": {
                  "name": "tar-1.34-150000.3.12.1.aarch64",
                  "product_id": "tar-1.34-150000.3.12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "tar-rmt-1.34-150000.3.12.1.aarch64",
                "product": {
                  "name": "tar-rmt-1.34-150000.3.12.1.aarch64",
                  "product_id": "tar-rmt-1.34-150000.3.12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "tar-tests-1.34-150000.3.12.1.aarch64",
                "product": {
                  "name": "tar-tests-1.34-150000.3.12.1.aarch64",
                  "product_id": "tar-tests-1.34-150000.3.12.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tar-1.34-150000.3.12.1.i586",
                "product": {
                  "name": "tar-1.34-150000.3.12.1.i586",
                  "product_id": "tar-1.34-150000.3.12.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "tar-rmt-1.34-150000.3.12.1.i586",
                "product": {
                  "name": "tar-rmt-1.34-150000.3.12.1.i586",
                  "product_id": "tar-rmt-1.34-150000.3.12.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "tar-tests-1.34-150000.3.12.1.i586",
                "product": {
                  "name": "tar-tests-1.34-150000.3.12.1.i586",
                  "product_id": "tar-tests-1.34-150000.3.12.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tar-backup-scripts-1.34-150000.3.12.1.noarch",
                "product": {
                  "name": "tar-backup-scripts-1.34-150000.3.12.1.noarch",
                  "product_id": "tar-backup-scripts-1.34-150000.3.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tar-doc-1.34-150000.3.12.1.noarch",
                "product": {
                  "name": "tar-doc-1.34-150000.3.12.1.noarch",
                  "product_id": "tar-doc-1.34-150000.3.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tar-lang-1.34-150000.3.12.1.noarch",
                "product": {
                  "name": "tar-lang-1.34-150000.3.12.1.noarch",
                  "product_id": "tar-lang-1.34-150000.3.12.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tar-1.34-150000.3.12.1.ppc64le",
                "product": {
                  "name": "tar-1.34-150000.3.12.1.ppc64le",
                  "product_id": "tar-1.34-150000.3.12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "tar-rmt-1.34-150000.3.12.1.ppc64le",
                "product": {
                  "name": "tar-rmt-1.34-150000.3.12.1.ppc64le",
                  "product_id": "tar-rmt-1.34-150000.3.12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "tar-tests-1.34-150000.3.12.1.ppc64le",
                "product": {
                  "name": "tar-tests-1.34-150000.3.12.1.ppc64le",
                  "product_id": "tar-tests-1.34-150000.3.12.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tar-1.34-150000.3.12.1.s390x",
                "product": {
                  "name": "tar-1.34-150000.3.12.1.s390x",
                  "product_id": "tar-1.34-150000.3.12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "tar-rmt-1.34-150000.3.12.1.s390x",
                "product": {
                  "name": "tar-rmt-1.34-150000.3.12.1.s390x",
                  "product_id": "tar-rmt-1.34-150000.3.12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "tar-tests-1.34-150000.3.12.1.s390x",
                "product": {
                  "name": "tar-tests-1.34-150000.3.12.1.s390x",
                  "product_id": "tar-tests-1.34-150000.3.12.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tar-1.34-150000.3.12.1.x86_64",
                "product": {
                  "name": "tar-1.34-150000.3.12.1.x86_64",
                  "product_id": "tar-1.34-150000.3.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "tar-rmt-1.34-150000.3.12.1.x86_64",
                "product": {
                  "name": "tar-rmt-1.34-150000.3.12.1.x86_64",
                  "product_id": "tar-rmt-1.34-150000.3.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "tar-tests-1.34-150000.3.12.1.x86_64",
                "product": {
                  "name": "tar-tests-1.34-150000.3.12.1.x86_64",
                  "product_id": "tar-tests-1.34-150000.3.12.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Real Time 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Real Time 15 SP2",
                  "product_id": "SUSE Linux Enterprise Real Time 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_rt:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.0",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.0",
                  "product_id": "SUSE Linux Enterprise Micro 5.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-microos:5.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.1",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.1",
                  "product_id": "SUSE Linux Enterprise Micro 5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-microos:5.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.2",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.2",
                  "product_id": "SUSE Linux Enterprise Micro 5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-microos:5.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.3",
                "product": {
                  "name": "openSUSE Leap 15.3",
                  "product_id": "openSUSE Leap 15.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.aarch64"
        },
        "product_reference": "tar-1.34-150000.3.12.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.ppc64le"
        },
        "product_reference": "tar-1.34-150000.3.12.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.s390x"
        },
        "product_reference": "tar-1.34-150000.3.12.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.x86_64"
        },
        "product_reference": "tar-1.34-150000.3.12.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-lang-1.34-150000.3.12.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-lang-1.34-150000.3.12.1.noarch"
        },
        "product_reference": "tar-lang-1.34-150000.3.12.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-rmt-1.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.aarch64"
        },
        "product_reference": "tar-rmt-1.34-150000.3.12.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-rmt-1.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.ppc64le"
        },
        "product_reference": "tar-rmt-1.34-150000.3.12.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-rmt-1.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.s390x"
        },
        "product_reference": "tar-rmt-1.34-150000.3.12.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-rmt-1.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.x86_64"
        },
        "product_reference": "tar-rmt-1.34-150000.3.12.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Real Time 15 SP2",
          "product_id": "SUSE Linux Enterprise Real Time 15 SP2:tar-1.34-150000.3.12.1.x86_64"
        },
        "product_reference": "tar-1.34-150000.3.12.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-lang-1.34-150000.3.12.1.noarch as component of SUSE Linux Enterprise Real Time 15 SP2",
          "product_id": "SUSE Linux Enterprise Real Time 15 SP2:tar-lang-1.34-150000.3.12.1.noarch"
        },
        "product_reference": "tar-lang-1.34-150000.3.12.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-rmt-1.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Real Time 15 SP2",
          "product_id": "SUSE Linux Enterprise Real Time 15 SP2:tar-rmt-1.34-150000.3.12.1.x86_64"
        },
        "product_reference": "tar-rmt-1.34-150000.3.12.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
          "product_id": "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.aarch64"
        },
        "product_reference": "tar-1.34-150000.3.12.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
          "product_id": "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.x86_64"
        },
        "product_reference": "tar-1.34-150000.3.12.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
          "product_id": "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.aarch64"
        },
        "product_reference": "tar-1.34-150000.3.12.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
          "product_id": "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.s390x"
        },
        "product_reference": "tar-1.34-150000.3.12.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
          "product_id": "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.x86_64"
        },
        "product_reference": "tar-1.34-150000.3.12.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.aarch64"
        },
        "product_reference": "tar-1.34-150000.3.12.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.s390x"
        },
        "product_reference": "tar-1.34-150000.3.12.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.x86_64"
        },
        "product_reference": "tar-1.34-150000.3.12.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.aarch64"
        },
        "product_reference": "tar-1.34-150000.3.12.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.ppc64le"
        },
        "product_reference": "tar-1.34-150000.3.12.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.s390x"
        },
        "product_reference": "tar-1.34-150000.3.12.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-1.34-150000.3.12.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.x86_64"
        },
        "product_reference": "tar-1.34-150000.3.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-backup-scripts-1.34-150000.3.12.1.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-backup-scripts-1.34-150000.3.12.1.noarch"
        },
        "product_reference": "tar-backup-scripts-1.34-150000.3.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-doc-1.34-150000.3.12.1.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-doc-1.34-150000.3.12.1.noarch"
        },
        "product_reference": "tar-doc-1.34-150000.3.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-lang-1.34-150000.3.12.1.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-lang-1.34-150000.3.12.1.noarch"
        },
        "product_reference": "tar-lang-1.34-150000.3.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-rmt-1.34-150000.3.12.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.aarch64"
        },
        "product_reference": "tar-rmt-1.34-150000.3.12.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-rmt-1.34-150000.3.12.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.ppc64le"
        },
        "product_reference": "tar-rmt-1.34-150000.3.12.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-rmt-1.34-150000.3.12.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.s390x"
        },
        "product_reference": "tar-rmt-1.34-150000.3.12.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-rmt-1.34-150000.3.12.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.x86_64"
        },
        "product_reference": "tar-rmt-1.34-150000.3.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-tests-1.34-150000.3.12.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.aarch64"
        },
        "product_reference": "tar-tests-1.34-150000.3.12.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-tests-1.34-150000.3.12.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.ppc64le"
        },
        "product_reference": "tar-tests-1.34-150000.3.12.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-tests-1.34-150000.3.12.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.s390x"
        },
        "product_reference": "tar-tests-1.34-150000.3.12.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tar-tests-1.34-150000.3.12.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.x86_64"
        },
        "product_reference": "tar-tests-1.34-150000.3.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-20482",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20482"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user\u0027s process (e.g., a system backup running as root).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.s390x",
          "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.s390x",
          "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-lang-1.34-150000.3.12.1.noarch",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Real Time 15 SP2:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Real Time 15 SP2:tar-lang-1.34-150000.3.12.1.noarch",
          "SUSE Linux Enterprise Real Time 15 SP2:tar-rmt-1.34-150000.3.12.1.x86_64",
          "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.aarch64",
          "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.ppc64le",
          "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.s390x",
          "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.x86_64",
          "openSUSE Leap 15.3:tar-backup-scripts-1.34-150000.3.12.1.noarch",
          "openSUSE Leap 15.3:tar-doc-1.34-150000.3.12.1.noarch",
          "openSUSE Leap 15.3:tar-lang-1.34-150000.3.12.1.noarch",
          "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.aarch64",
          "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.ppc64le",
          "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.s390x",
          "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.x86_64",
          "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.aarch64",
          "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.ppc64le",
          "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.s390x",
          "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20482",
          "url": "https://www.suse.com/security/cve/CVE-2018-20482"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120610 for CVE-2018-20482",
          "url": "https://bugzilla.suse.com/1120610"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-lang-1.34-150000.3.12.1.noarch",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-lang-1.34-150000.3.12.1.noarch",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-rmt-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-backup-scripts-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-doc-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-lang-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-lang-1.34-150000.3.12.1.noarch",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-lang-1.34-150000.3.12.1.noarch",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-rmt-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-backup-scripts-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-doc-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-lang-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-05T14:45:44Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-20482"
    },
    {
      "cve": "CVE-2019-9923",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-9923"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.s390x",
          "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.s390x",
          "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-lang-1.34-150000.3.12.1.noarch",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Real Time 15 SP2:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Real Time 15 SP2:tar-lang-1.34-150000.3.12.1.noarch",
          "SUSE Linux Enterprise Real Time 15 SP2:tar-rmt-1.34-150000.3.12.1.x86_64",
          "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.aarch64",
          "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.ppc64le",
          "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.s390x",
          "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.x86_64",
          "openSUSE Leap 15.3:tar-backup-scripts-1.34-150000.3.12.1.noarch",
          "openSUSE Leap 15.3:tar-doc-1.34-150000.3.12.1.noarch",
          "openSUSE Leap 15.3:tar-lang-1.34-150000.3.12.1.noarch",
          "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.aarch64",
          "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.ppc64le",
          "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.s390x",
          "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.x86_64",
          "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.aarch64",
          "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.ppc64le",
          "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.s390x",
          "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-9923",
          "url": "https://www.suse.com/security/cve/CVE-2019-9923"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130496 for CVE-2019-9923",
          "url": "https://bugzilla.suse.com/1130496"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-lang-1.34-150000.3.12.1.noarch",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-lang-1.34-150000.3.12.1.noarch",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-rmt-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-backup-scripts-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-doc-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-lang-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-lang-1.34-150000.3.12.1.noarch",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-lang-1.34-150000.3.12.1.noarch",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-rmt-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-backup-scripts-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-doc-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-lang-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-05T14:45:44Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-9923"
    },
    {
      "cve": "CVE-2021-20193",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-20193"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.s390x",
          "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.s390x",
          "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-lang-1.34-150000.3.12.1.noarch",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Real Time 15 SP2:tar-1.34-150000.3.12.1.x86_64",
          "SUSE Linux Enterprise Real Time 15 SP2:tar-lang-1.34-150000.3.12.1.noarch",
          "SUSE Linux Enterprise Real Time 15 SP2:tar-rmt-1.34-150000.3.12.1.x86_64",
          "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.aarch64",
          "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.ppc64le",
          "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.s390x",
          "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.x86_64",
          "openSUSE Leap 15.3:tar-backup-scripts-1.34-150000.3.12.1.noarch",
          "openSUSE Leap 15.3:tar-doc-1.34-150000.3.12.1.noarch",
          "openSUSE Leap 15.3:tar-lang-1.34-150000.3.12.1.noarch",
          "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.aarch64",
          "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.ppc64le",
          "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.s390x",
          "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.x86_64",
          "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.aarch64",
          "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.ppc64le",
          "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.s390x",
          "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-20193",
          "url": "https://www.suse.com/security/cve/CVE-2021-20193"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1181131 for CVE-2021-20193",
          "url": "https://bugzilla.suse.com/1181131"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-lang-1.34-150000.3.12.1.noarch",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-lang-1.34-150000.3.12.1.noarch",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-rmt-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-backup-scripts-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-doc-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-lang-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Micro 5.1:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-lang-1.34-150000.3.12.1.noarch",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:tar-rmt-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-1.34-150000.3.12.1.x86_64",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-lang-1.34-150000.3.12.1.noarch",
            "SUSE Linux Enterprise Real Time 15 SP2:tar-rmt-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-backup-scripts-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-doc-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-lang-1.34-150000.3.12.1.noarch",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-rmt-1.34-150000.3.12.1.x86_64",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.aarch64",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.ppc64le",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.s390x",
            "openSUSE Leap 15.3:tar-tests-1.34-150000.3.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-05T14:45:44Z",
          "details": "low"
        }
      ],
      "title": "CVE-2021-20193"
    }
  ]
}

CVE-2018-20482 (GCVE-0-2018-20482)

Vulnerability from cvelistv5

Published

2018-12-26 18:00

Modified

2024-08-05 12:05

Severity ?

CWE

Summary

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

References

▼	URL	Tags
	https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug	x_refsource_MISC
	http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html	mailing-list, x_refsource_MLIST
	https://news.ycombinator.com/item?id=18745431	x_refsource_MISC
	http://www.securityfocus.com/bid/106354	vdb-entry, x_refsource_BID
	https://security.gentoo.org/glsa/201903-05	vendor-advisory, x_refsource_GENTOO
	http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html	x_refsource_MISC
	https://twitter.com/thatcks/status/1076166645708668928	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html	vendor-advisory, x_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:05:16.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454"
          },
          {
            "name": "[debian-lts-announce] 20181231 [SECURITY] [DLA 1623-1] tar security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=18745431"
          },
          {
            "name": "106354",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106354"
          },
          {
            "name": "GLSA-201903-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-05"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/thatcks/status/1076166645708668928"
          },
          {
            "name": "openSUSE-SU-2019:1237",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html"
          },
          {
            "name": "[debian-lts-announce] 20211128 [SECURITY] [DLA 2830-1] tar security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-12-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user\u0027s process (e.g., a system backup running as root)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-28T14:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454"
        },
        {
          "name": "[debian-lts-announce] 20181231 [SECURITY] [DLA 1623-1] tar security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://news.ycombinator.com/item?id=18745431"
        },
        {
          "name": "106354",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106354"
        },
        {
          "name": "GLSA-201903-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-05"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/thatcks/status/1076166645708668928"
        },
        {
          "name": "openSUSE-SU-2019:1237",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html"
        },
        {
          "name": "[debian-lts-announce] 20211128 [SECURITY] [DLA 2830-1] tar security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20482",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user\u0027s process (e.g., a system backup running as root)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug",
              "refsource": "MISC",
              "url": "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug"
            },
            {
              "name": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454",
              "refsource": "MISC",
              "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454"
            },
            {
              "name": "[debian-lts-announce] 20181231 [SECURITY] [DLA 1623-1] tar security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html"
            },
            {
              "name": "https://news.ycombinator.com/item?id=18745431",
              "refsource": "MISC",
              "url": "https://news.ycombinator.com/item?id=18745431"
            },
            {
              "name": "106354",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106354"
            },
            {
              "name": "GLSA-201903-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-05"
            },
            {
              "name": "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html",
              "refsource": "MISC",
              "url": "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html"
            },
            {
              "name": "https://twitter.com/thatcks/status/1076166645708668928",
              "refsource": "MISC",
              "url": "https://twitter.com/thatcks/status/1076166645708668928"
            },
            {
              "name": "openSUSE-SU-2019:1237",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html"
            },
            {
              "name": "[debian-lts-announce] 20211128 [SECURITY] [DLA 2830-1] tar security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20482",
    "datePublished": "2018-12-26T18:00:00",
    "dateReserved": "2018-12-26T00:00:00",
    "dateUpdated": "2024-08-05T12:05:16.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-9923 (GCVE-0-2019-9923)

Vulnerability from cvelistv5

Published

2019-03-22 07:06

Modified

2025-08-06 21:12

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Summary

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

References

▼	URL	Tags
	https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241	x_refsource_MISC
	http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120	x_refsource_MISC
	http://savannah.gnu.org/bugs/?55369	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html	vendor-advisory, x_refsource_SUSE
	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:01:55.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://savannah.gnu.org/bugs/?55369"
          },
          {
            "name": "openSUSE-SU-2019:1237",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html"
          },
          {
            "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-9923",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-06T20:59:20.396938Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-06T21:12:33.535Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-29T14:09:45.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://savannah.gnu.org/bugs/?55369"
        },
        {
          "name": "openSUSE-SU-2019:1237",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html"
        },
        {
          "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-9923",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241"
            },
            {
              "name": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120",
              "refsource": "MISC",
              "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120"
            },
            {
              "name": "http://savannah.gnu.org/bugs/?55369",
              "refsource": "MISC",
              "url": "http://savannah.gnu.org/bugs/?55369"
            },
            {
              "name": "openSUSE-SU-2019:1237",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html"
            },
            {
              "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-9923",
    "datePublished": "2019-03-22T07:06:44.000Z",
    "dateReserved": "2019-03-22T00:00:00.000Z",
    "dateUpdated": "2025-08-06T21:12:33.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20193 (GCVE-0-2021-20193)

Vulnerability from cvelistv5

Published

2021-03-26 16:41

Modified

2024-08-03 17:30

Severity ?

CWE

CWE-401 - ->CWE-125

Summary

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1917565	x_refsource_MISC
	https://savannah.gnu.org/bugs/?59897	x_refsource_MISC
	https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777	x_refsource_MISC
	https://security.gentoo.org/glsa/202105-29	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	tar	Version: 1.33 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:30:07.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917565"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://savannah.gnu.org/bugs/?59897"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777"
          },
          {
            "name": "GLSA-202105-29",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202105-29"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tar",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.33 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401-\u003eCWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T11:08:51",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917565"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://savannah.gnu.org/bugs/?59897"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777"
        },
        {
          "name": "GLSA-202105-29",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202105-29"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-20193",
    "datePublished": "2021-03-26T16:41:23",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:30:07.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2022:1548-1

Vulnerability from csaf_suse

CVE-2018-20482 (GCVE-0-2018-20482)

Vulnerability from cvelistv5

CVE-2019-9923 (GCVE-0-2019-9923)

Vulnerability from cvelistv5

CVE-2021-20193 (GCVE-0-2021-20193)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature