Описание
[REJECTED CVE] A vulnerability has been identified in Libarchive in archive_read_support_format_lha.c file. It does not ensure valid sizes for UTF-16 input, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted LHA archive.
Отчет
This CVE has been rejected by Upstream, because the vulnerability was introduced and fixed in the same version, so there is actually no released version with the vulnerable code: https://github.com/libarchive/libarchive/issues/1284#issuecomment-598381071
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libarchive | Not affected | ||
| Red Hat Enterprise Linux 7 | libarchive | Not affected | ||
| Red Hat Enterprise Linux 8 | libarchive | Not affected |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it only affected a development version. Notes: none
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it only affected a development version. Notes: none
archive_read_support_format_lha.c in libarchive before 3.4.1 does not ensure valid sizes for UTF-16 input, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted LHA archive.
6.5 Medium
CVSS3