Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-20193
CVE-2022-20193:
NixOS vulnerability analysis and mitigation
Overview
A flaw was discovered in the src/list.c of tar 1.33 and earlier. This vulnerability allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory (Debian Tracker).
Technical details
The vulnerability is tracked as CVE-2021-20193 and affects the memory management functionality in the src/list.c component of GNU tar versions 1.33 and earlier. The issue stems from the tar command's failure to properly free memory when processing certain input files (Ubuntu Security).
Impact
The primary impact of this vulnerability is on system availability. When exploited, the flaw can lead to uncontrolled memory consumption, potentially resulting in a denial of service condition (Ubuntu Security).
Mitigation and workarounds
The vulnerability has been fixed in subsequent releases of tar. Ubuntu has released patches for various versions: 1.34+dfsg-1build1 for Ubuntu 23.04, 22.10, 22.04 LTS, and 21.04, as well as specific patches for older versions like 1.30+dfsg-7ubuntu0.20.04.2 for Ubuntu 20.04 LTS (Ubuntu Security).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management