CVE-2021-33644 Information

Description

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname causing an out-of-bounds read.

Reference

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807