Tar component in busybox version 1.34.1 has a memory leak bug when trying to unpack a tar file.

[Laurent Bercot]

>A stock Linux system will happily slaughter your system services with the OOM killer before malloc ever returns NULL.

  Only if overcommit is activated, which is not a good idea in embedded
systems where busybox is likely to be used.
  Also, resource limits are a thing, and proper administration practices
make use of them.

  malloc returning NULL is not so far out as people think it is, far
from it. It *does* happen.

--
  Laurent