CVE-2024-48957

Опубликовано: 10 окт. 2024

Источник: debian

EPSS Низкий

Описание

execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libarchive	fixed	3.7.2-2.1		package
libarchive	fixed	3.6.2-1+deb12u1	bookworm	package
libarchive	not-affected		bullseye	package

Примечания

https://github.com/libarchive/libarchive/pull/2149
https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b (v3.7.5)

EPSS

Процентиль: 2%

0.00015

Низкий

Связанные уязвимости

CVE-2024-48957

CVSS3: 7.8

ubuntu

8 месяцев назад

execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

CVE-2024-48957

CVSS3: 7.8

redhat

8 месяцев назад

execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

CVE-2024-48957

CVSS3: 7.8

nvd

8 месяцев назад

execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

CVE-2024-48957

CVSS3: 7.8

msrc

8 месяцев назад

Описание отсутствует

SUSE-SU-2024:3675-1

suse-cvrf

8 месяцев назад

Security update for libarchive

EPSS

Процентиль: 2%

0.00015

Низкий