diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst index 47ea316395..4e90f03ca3 100644 --- a/documentation/ref-manual/variables.rst +++ b/documentation/ref-manual/variables.rst @@ -1485,6 +1485,13 @@ system and gives an overview of their function and contents. CVE_PRODUCT = "oracle_berkeley_db berkeley_db" + Sometimes the product name is not specific enough, for example + "tar" has been matching CVEs for the GNU ``tar`` package and also + the ``node-tar`` node.js extension. To avoid this problem, use the + vendor name as a prefix. The syntax for this is:: + + CVE_PRODUCT = "vendor:package" + :term:`CVSDIR` The directory in which files checked out under the CVS system are stored.
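Review bot: in the added CVE_PRODUCT paragraph, the syntax line uses the placeholder "vendor:package", while the variable and the sentence before it speak of a product name. Writing it as "vendor:product" would keep readers from taking the second field to be the recipe or package name. The paragraph also does not say whether a vendor-prefixed entry can be used inside a space-separated list like the "oracle_berkeley_db berkeley_db" example in the context line just above it; one sentence on that would help. Since the text names tar as the motivating case, consider showing the value for that case next to the generic form. Minor: "node.js extension" should read "Node.js".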