var-202208-0859
Vulnerability from variot
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. feep.net of libtar Products from multiple other vendors are vulnerable to lack of freeing memory after expiration.Service operation interruption (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libtar security update Advisory ID: RHSA-2023:2898-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2898 Issue date: 2023-05-16 CVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646 ==================================================================== 1. Summary:
An update for libtar is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions.
Security Fix(es):
-
libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)
-
libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)
-
libtar: memory leak found in th_read() function (CVE-2021-33645)
-
libtar: memory leak found in th_read() function (CVE-2021-33646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: libtar-1.2.20-17.el8.src.rpm
aarch64: libtar-1.2.20-17.el8.aarch64.rpm libtar-debuginfo-1.2.20-17.el8.aarch64.rpm libtar-debugsource-1.2.20-17.el8.aarch64.rpm
ppc64le: libtar-1.2.20-17.el8.ppc64le.rpm libtar-debuginfo-1.2.20-17.el8.ppc64le.rpm libtar-debugsource-1.2.20-17.el8.ppc64le.rpm
s390x: libtar-1.2.20-17.el8.s390x.rpm libtar-debuginfo-1.2.20-17.el8.s390x.rpm libtar-debugsource-1.2.20-17.el8.s390x.rpm
x86_64: libtar-1.2.20-17.el8.i686.rpm libtar-1.2.20-17.el8.x86_64.rpm libtar-debuginfo-1.2.20-17.el8.i686.rpm libtar-debuginfo-1.2.20-17.el8.x86_64.rpm libtar-debugsource-1.2.20-17.el8.i686.rpm libtar-debugsource-1.2.20-17.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-33643 https://access.redhat.com/security/cve/CVE-2021-33644 https://access.redhat.com/security/cve/CVE-2021-33645 https://access.redhat.com/security/cve/CVE-2021-33646 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro Te4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P Ul4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp 7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4 EpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk 0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz Mx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/ V9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww ZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw z36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n bAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p kHiakPvkvj4=I+bk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202208-0859", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "openeuler", scope: "eq", trust: 1, vendor: "huawei", version: "22.03", }, { model: "openeuler", scope: "eq", trust: 1, vendor: "huawei", version: "20.03", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "35", }, { model: "libtar", scope: "lt", trust: 1, vendor: "feep", version: "1.2.21", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "36", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "37", }, { model: "fedora", scope: null, trust: 0.8, vendor: "fedora", version: null, }, { model: "openeuler", scope: null, trust: 0.8, vendor: "huawei", version: null, }, { model: "libtar", scope: null, trust: 0.8, vendor: "feep net", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-020152", }, { db: "NVD", id: "CVE-2021-33645", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat", sources: [ { db: "PACKETSTORM", id: "172362", }, ], trust: 0.1, }, cve: "CVE-2021-33645", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2021-33645", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-33645", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-33645", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-33645", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202208-2781", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-020152", }, { db: "CNNVD", id: "CNNVD-202208-2781", }, { db: "NVD", id: "CVE-2021-33645", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. feep.net of libtar Products from multiple other vendors are vulnerable to lack of freeing memory after expiration.Service operation interruption (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: libtar security update\nAdvisory ID: RHSA-2023:2898-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2898\nIssue date: 2023-05-16\nCVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645\n CVE-2021-33646\n====================================================================\n1. Summary:\n\nAn update for libtar is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libtar packages contain a C library for manipulating tar archives. The\nlibrary supports both the strict POSIX tar format and many of the commonly\nused GNU extensions. \n\nSecurity Fix(es):\n\n* libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)\n\n* libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33645)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33646)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.8 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nlibtar-1.2.20-17.el8.src.rpm\n\naarch64:\nlibtar-1.2.20-17.el8.aarch64.rpm\nlibtar-debuginfo-1.2.20-17.el8.aarch64.rpm\nlibtar-debugsource-1.2.20-17.el8.aarch64.rpm\n\nppc64le:\nlibtar-1.2.20-17.el8.ppc64le.rpm\nlibtar-debuginfo-1.2.20-17.el8.ppc64le.rpm\nlibtar-debugsource-1.2.20-17.el8.ppc64le.rpm\n\ns390x:\nlibtar-1.2.20-17.el8.s390x.rpm\nlibtar-debuginfo-1.2.20-17.el8.s390x.rpm\nlibtar-debugsource-1.2.20-17.el8.s390x.rpm\n\nx86_64:\nlibtar-1.2.20-17.el8.i686.rpm\nlibtar-1.2.20-17.el8.x86_64.rpm\nlibtar-debuginfo-1.2.20-17.el8.i686.rpm\nlibtar-debuginfo-1.2.20-17.el8.x86_64.rpm\nlibtar-debugsource-1.2.20-17.el8.i686.rpm\nlibtar-debugsource-1.2.20-17.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33643\nhttps://access.redhat.com/security/cve/CVE-2021-33644\nhttps://access.redhat.com/security/cve/CVE-2021-33645\nhttps://access.redhat.com/security/cve/CVE-2021-33646\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro\nTe4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P\nUl4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp\n7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4\nEpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk\n0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz\nMx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/\nV9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww\nZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw\nz36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n\nbAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p\nkHiakPvkvj4=I+bk\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", sources: [ { db: "NVD", id: "CVE-2021-33645", }, { db: "JVNDB", id: "JVNDB-2021-020152", }, { db: "VULHUB", id: "VHN-393723", }, { db: "PACKETSTORM", id: "172362", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-33645", trust: 3.4, }, { db: "JVNDB", id: "JVNDB-2021-020152", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202208-2781", trust: 0.7, }, { db: "VULHUB", id: "VHN-393723", trust: 0.1, }, { db: "PACKETSTORM", id: "172362", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-393723", }, { db: "JVNDB", id: "JVNDB-2021-020152", }, { db: "PACKETSTORM", id: "172362", }, { db: "CNNVD", id: "CNNVD-202208-2781", }, { db: "NVD", id: "CVE-2021-33645", }, ], }, id: "VAR-202208-0859", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-393723", }, ], trust: 0.01, }, last_update_date: "2024-08-14T14:02:28.882000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "openEuler Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=204270", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202208-2781", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-401", trust: 1.1, }, { problemtype: "Lack of memory release after expiration (CWE-401) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-393723", }, { db: "JVNDB", id: "JVNDB-2021-020152", }, { db: "NVD", id: "CVE-2021-33645", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openeuler-sa-2022-1807", }, { trust: 1.5, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/", }, { trust: 1.5, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/", }, { trust: 1.5, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/", }, { trust: 1.5, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/", }, { trust: 1.5, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33645", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/libtar-four-vulnerabilities-39176", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2021-33645/", }, { trust: 0.1, url: "https://listman.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-33643", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:2898", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#moderate", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33646", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-33646", }, { trust: 0.1, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33644", }, { trust: 0.1, url: "https://access.redhat.com/articles/11258", }, { trust: 0.1, url: "https://bugzilla.redhat.com/):", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-33644", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33643", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-33645", }, { trust: 0.1, url: "https://access.redhat.com/security/team/key/", }, ], sources: [ { db: "VULHUB", id: "VHN-393723", }, { db: "JVNDB", id: "JVNDB-2021-020152", }, { db: "PACKETSTORM", id: "172362", }, { db: "CNNVD", id: "CNNVD-202208-2781", }, { db: "NVD", id: "CVE-2021-33645", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-393723", }, { db: "JVNDB", id: "JVNDB-2021-020152", }, { db: "PACKETSTORM", id: "172362", }, { db: "CNNVD", id: "CNNVD-202208-2781", }, { db: "NVD", id: "CVE-2021-33645", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-08-10T00:00:00", db: "VULHUB", id: "VHN-393723", }, { date: "2023-09-19T00:00:00", db: "JVNDB", id: "JVNDB-2021-020152", }, { date: "2023-05-16T17:07:39", db: "PACKETSTORM", id: "172362", }, { date: "2022-08-10T00:00:00", db: "CNNVD", id: "CNNVD-202208-2781", }, { date: "2022-08-10T20:15:20.573000", db: "NVD", id: "CVE-2021-33645", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-11T00:00:00", db: "VULHUB", id: "VHN-393723", }, { date: "2023-09-19T08:11:00", db: "JVNDB", id: "JVNDB-2021-020152", }, { date: "2022-12-29T00:00:00", db: "CNNVD", id: "CNNVD-202208-2781", }, { date: "2023-11-07T03:35:53.790000", db: "NVD", id: "CVE-2021-33645", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202208-2781", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "feep.net of libtar Vulnerability related to lack of free memory after expiration in products from other vendors", sources: [ { db: "JVNDB", id: "JVNDB-2021-020152", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202208-2781", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
This schema specifies the format of a comment related to a security advisory.
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.