Описание
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
A use-after-free vulnerability was discovered in libarchive in the way it processes RAR archives when there is an error in one of the archive's entries. An application that accepts untrusted RAR archives may be vulnerable to this flaw, which could allow a remote attacker to cause a denial of service or to potentially execute code.
Отчет
This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6 as they did not include support for RAR archives.
Меры по смягчению последствий
No known mitigation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libarchive | Not affected | ||
| Red Hat Enterprise Linux 7 | libarchive | Fixed | RHSA-2020:0203 | 22.01.2020 |
| Red Hat Enterprise Linux 8 | libarchive | Fixed | RHSA-2020:0271 | 29.01.2020 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | libarchive | Fixed | RHSA-2020:0246 | 27.01.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.1 High
CVSS3
Связанные уязвимости
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
archive_read_format_rar_read_data in archive_read_support_format_rar.c ...
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
EPSS
8.1 High
CVSS3