Описание
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libarchive | fixed | 3.2.0-2 | package |
Примечания
https://github.com/libarchive/libarchive/issues/660
(with reproducer) https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362
Fixed by: https://github.com/libarchive/libarchive/commit/6e06b1c89dd0d16f74894eac4cfc1327a06ee4a0
Fix improved by: https://github.com/libarchive/libarchive/commit/37649d274867edd2dd25d8a3057c3b6cd81ce83e
EPSS
Связанные уязвимости
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
Уязвимость библиотеки libarchive, существующая из-за ошибки управления ресурсами, позволяющая нарушителю вызвать отказ в обслуживании
EPSS