CVE-2021-36976

Опубликовано: 20 июл. 2021

Источник: debian

EPSS Низкий

Описание

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

Пакет	Статус	Версия исправления	Релиз	Тип
libarchive	fixed	3.6.0-1		package
libarchive	not-affected		buster	package
libarchive	not-affected		stretch	package

https://github.com/libarchive/libarchive/issues/1554
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml
Introduced by: https://github.com/libarchive/libarchive/commit/47bb8187d3ef2d49ee8c7841cb2872b3cfa1f6f7 (v3.4.1)
Fixed by: https://github.com/libarchive/libarchive/commit/17f4e83c0f0fc3bacf4b2bbacb01f987bb5aff5f (v3.6.0)

EPSS

Процентиль: 30%

0.00106

Низкий

CVE-2021-36976

CVSS3: 6.5

ubuntu

почти 4 года назад

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

CVE-2021-36976

CVSS3: 6.5

redhat

около 4 лет назад

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

CVE-2021-36976

CVSS3: 6.5

nvd

почти 4 года назад

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

CVE-2021-36976

msrc

больше 3 лет назад

Libarchive Remote Code Execution Vulnerability

GHSA-4fxq-mcvv-8fqm

CVSS3: 6.5

github

около 3 лет назад

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

EPSS

Процентиль: 30%

0.00106

Низкий