{"id":"JLSEC-2026-183","details":"A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.","modified":"2026-04-24T13:30:06.738104Z","published":"2026-04-24T13:16:18.171Z","upstream":["CVE-2021-20193"],"database_specific":{"sources":[{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-20193","modified":"2025-05-05T14:15:04.557Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20193","id":"CVE-2021-20193","published":"2021-03-26T17:15:12.843Z","imported":"2026-04-24T11:00:58.612Z","database_specific":{"status":"Analyzed"}}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1917565"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1917565"},{"type":"WEB","url":"https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777"},{"type":"WEB","url":"https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777"},{"type":"WEB","url":"https://savannah.gnu.org/bugs/?59897"},{"type":"WEB","url":"https://savannah.gnu.org/bugs/?59897"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202105-29"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202105-29"}],"affected":[{"package":{"name":"Tar_jll","ecosystem":"Julia","purl":"pkg:julia/Tar_jll?uuid=9b64493d-8859-5bf3-93d7-7c32dd38186f"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.34.0+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-183.json"}}],"schema_version":"1.7.5"}