CVE-2021-33646

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Name	Vendor	Start Version	End Version
Libtar	Feep	*	1.2.21 (excluding)
Red Hat Enterprise Linux 8	RedHat	libtar-0:1.2.20-17.el8	*
Libtar	Ubuntu	bionic	*
Libtar	Ubuntu	esm-apps/bionic	*
Libtar	Ubuntu	esm-apps/focal	*
Libtar	Ubuntu	esm-apps/jammy	*
Libtar	Ubuntu	esm-apps/noble	*
Libtar	Ubuntu	esm-apps/xenial	*
Libtar	Ubuntu	focal	*
Libtar	Ubuntu	jammy	*
Libtar	Ubuntu	kinetic	*
Libtar	Ubuntu	lunar	*
Libtar	Ubuntu	mantic	*
Libtar	Ubuntu	noble	*
Libtar	Ubuntu	oracular	*
Libtar	Ubuntu	trusty	*
Libtar	Ubuntu	xenial	*

Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
For example, glibc in Linux provides protection against free of invalid pointers.
When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-33646
CWE	https://cwe.mitre.org/data/definitions/401.html

Missing Release of Memory after Effective Lifetime