Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-37407

Опубликовано: 08 июн. 2024
Источник: debian
EPSS Низкий

Описание

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libarchivenot-affectedpackage

Примечания

  • https://github.com/libarchive/libarchive/pull/2145

  • Introduced by: https://github.com/libarchive/libarchive/commit/390d83012fdba8c8db7fc9915338805882b0597a (v3.7.3)

  • Fixed by: https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0 (v3.7.4)

EPSS

Процентиль: 58%
0.00372
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-37407

CVSS3: 9.1
ubuntu
больше 1 года назад

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

redhat логотип

CVE-2024-37407

CVSS3: 8.8
redhat
больше 1 года назад

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

nvd логотип

CVE-2024-37407

CVSS3: 9.1
nvd
больше 1 года назад

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

msrc логотип

CVE-2024-37407

CVSS3: 9.1
msrc
больше 1 года назад

Описание отсутствует

github логотип

GHSA-xjwr-37fp-hq82

CVSS3: 9.1
github
больше 1 года назад

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

EPSS

Процентиль: 58%
0.00372
Низкий