{"id":"CVE-2021-20193","details":"A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.","modified":"2026-03-20T04:12:32.528752Z","published":"2021-03-26T17:15:12.843Z","related":["MGASA-2021-0233","SUSE-SU-2021:0974-1","SUSE-SU-2021:0975-1","SUSE-SU-2022:1548-1","openSUSE-SU-2021:0494-1","openSUSE-SU-2024:11620-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202105-29"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1917565"},{"type":"FIX","url":"https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777"},{"type":"FIX","url":"https://savannah.gnu.org/bugs/?59897"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://cgit.git.savannah.gnu.org/cgit/tar.git","events":[{"introduced":"0"},{"fixed":"d9d4435692150fa8ff68e1b1a473d187cc3fd777"}]},{"type":"GIT","repo":"https://git.savannah.gnu.org/git/tar.git/","events":[{"introduced":"0"},{"last_affected":"0836a5114770e12ef4f4ebb3972868ba844f43f5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.33"}]}}],"versions":["alpha_1_13_93","alpha_1_15_90","alpha_1_15_90_incremental_1","alpha_1_15_91","old","release_1_14","release_1_15","release_1_15_1","release_1_16","release_1_16_1","release_1_17","release_1_18","release_1_19","release_1_20","release_1_21","release_1_22","release_1_23","release_1_24","release_1_25","release_1_26","release_1_27","release_1_27_1","release_1_28","release_1_29","release_1_30","release_1_31","release_1_32","release_1_33"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20193.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}]}