{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T08:28:19.575","vulnerabilities":[{"cve":{"id":"CVE-2021-33640","sourceIdentifier":"securities@openeuler.org","published":"2022-12-19T16:15:10.840","lastModified":"2025-04-02T18:33:53.340","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free)."},{"lang":"es","value":"Después de tar_close(), libtar.c libera la memoria a la que apunta el puntero t. Después de llamar a tar_close() en la función list(), continúa usando el puntero t: free_longlink_longname(t->th_buf). Como resultado, la memoria liberada se utiliza (use after free)."}],"metrics":{"cvssMetricV31":[{"source":"securities@openeuler.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"securities@openeuler.org","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:openatom:openeuler:20.03:sp1:*:*:lts:*:*:*","matchCriteriaId":"464D2E5A-0D36-4893-85A4-2267AE0333DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:openatom:openeuler:20.03:sp2:*:*:lts:*:*:*","matchCriteriaId":"EC27F5E3-893E-4A96-91C3-4B716457172C"},{"vulnerable":true,"criteria":"cpe:2.3:o:openatom:openeuler:22.03:*:*:*:lts:*:*:*","matchCriteriaId":"5975B9D2-6A0F-43DE-806E-C8FC6D152EF6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","matchCriteriaId":"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}]}]}],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/","source":"securities@openeuler.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/","source":"securities@openeuler.org"},{"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageName=libtar","source":"securities@openeuler.org","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageName=libtar","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}