CVE-2021-33640 : What You Need to Know

Discover the impact of CVE-2021-33640, a use-after-free vulnerability in openEuler's libtar library. Learn about affected systems, exploitation risks, and mitigation steps.

A use-after-free vulnerability was discovered in openEuler's libtar library, affecting certain versions of openEuler. Attackers can exploit this issue to potentially execute arbitrary code or cause a denial of service.

Understanding CVE-2021-33640

After tar_close() has been called, code in libtar.c goes on using memory that the call released, which is the use-after-free.

What is CVE-2021-33640?

CVE-2021-33640 is a use-after-free vulnerability in openEuler's libtar library, allowing attackers to exploit released memory and potentially execute arbitrary code.

The Impact of CVE-2021-33640

Successful exploitation could let attackers execute arbitrary code or cause a denial of service on affected systems.

Technical Details of CVE-2021-33640

In the list() function, after tar_close() is called, libtar.c continues to use a pointer t, resulting in the released memory being used (use-after-free).
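The ordering problem described above, shown as an added example that is not libtar's or openEuler's code. The names archive_t, archive_open(), archive_close(), list_vulnerable() and list_fixed() are hypothetical stand-ins for the handle t, tar_close() and list(); the sample archive name is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for a libtar handle; every name here is hypothetical. */
typedef struct { char *longname; int entries; } archive_t;

static archive_t *archive_open(const char *name, int entries) {
    archive_t *t = calloc(1, sizeof *t);
    if (t == NULL) return NULL;
    t->longname = malloc(strlen(name) + 1);
    if (t->longname == NULL) { free(t); return NULL; }
    strcpy(t->longname, name);
    t->entries = entries;
    return t;
}

/* Plays the role of tar_close(): the handle itself is released here. */
static int archive_close(archive_t *t) {
    free(t);
    return 0;
}

/* Vulnerable ordering (for comparison only, never called): t is read
 * after archive_close(t) has freed it, which is a use-after-free. */
int list_vulnerable(archive_t *t) {
    if (archive_close(t) != 0) return -1;
    free(t->longname);            /* BUG: dereferences freed memory */
    return 0;
}

/* Hardened ordering: finish every access through t, clear the caller's
 * pointer, then close, so a stale use cannot reach freed memory. */
int list_fixed(archive_t **tp) {
    if (tp == NULL || *tp == NULL) return -1;
    archive_t *t = *tp;
    int n = t->entries;           /* last reads happen before close */
    free(t->longname);
    *tp = NULL;                   /* caller's handle is now unusable */
    if (archive_close(t) != 0) return -1;
    return n;
}

int main(void) {
    archive_t *t = archive_open("constructed-sample.tar", 3);
    if (t == NULL) return 1;
    printf("first call: %d\n", list_fixed(&t));
    printf("second call on stale handle: %d\n", list_fixed(&t));
    return 0;
}
```

Building list_vulnerable() with -fsanitize=address and calling it makes the sanitizer report a heap-use-after-free at the marked line, which is a practical way to confirm this class of defect in a test build.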

Vulnerability Description

The vulnerability arises from improper handling of memory after tar_close() is called, which leaves released memory open to exploitation.

Affected Systems and Versions

        openEuler 22.03 LTS with libtar 1.2.20-21
        openEuler 20.03 LTS SP1 with libtar 1.2.20-19
        openEuler 20.03 LTS SP3 with libtar 1.2.20-19

Exploitation Mechanism

Attackers can exploit this vulnerability by manipulating the released memory to execute arbitrary code or disrupt system availability.

Mitigation and Prevention

To mitigate CVE-2021-33640, users should follow immediate steps and adopt long-term security practices.

Immediate Steps to Take

Users are advised to apply relevant patches and updates provided by openEuler to address this vulnerability.

Long-Term Security Practices

Implement secure coding practices and regularly update software to prevent such vulnerabilities.

Patching and Updates

Ensure that the affected versions of libtar on the openEuler distributions are updated with the latest patches to mitigate the risk of exploitation.
