CVE-2019-19221

Опубликовано: 21 нояб. 2019

Источник: debian

EPSS Низкий

Описание

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libarchive	fixed	3.4.2-1		package
libarchive	no-dsa		jessie	package

Примечания

https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41
https://github.com/libarchive/libarchive/issues/1276

EPSS

Процентиль: 24%

0.00079

Низкий

Связанные уязвимости

CVE-2019-19221

CVSS3: 5.5

ubuntu

около 6 лет назад

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

CVE-2019-19221

CVSS3: 6.5

redhat

около 6 лет назад

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

CVE-2019-19221

CVSS3: 5.5

nvd

около 6 лет назад

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

SUSE-SU-2021:3722-1

suse-cvrf

около 4 лет назад

Security update for libarchive

GHSA-m55v-6hqc-x3jh

CVSS3: 5.5

github

больше 3 лет назад

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

EPSS

Процентиль: 24%

0.00079

Низкий