Описание
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
An out-of-bounds read flaw was found in libarchive. This flaw allows an attacker who can supply a specially crafted zip file to libarchive to cause an out-of-bounds read in programs linked with libarchive, using the LZMA zip functionality. The consequences depend on the specific program linked with libarchive. Still, they would most likely result in an application crash or information disclosure that could be used in conjunction with another exploit.
Отчет
Versions of libarchive shipped with Red Hat Enterprise Linux 8 and prior are not affected by this vulnerability as the affected code (zipx_lzma_alone_init routine) is not shipped.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libarchive | Not affected | ||
| Red Hat Enterprise Linux 7 | libarchive | Not affected | ||
| Red Hat Enterprise Linux 8 | libarchive | Not affected | ||
| Red Hat Enterprise Linux 9 | libarchive | Fixed | RHSA-2022:5252 | 01.07.2022 |
| Red Hat Enterprise Linux 9 | libarchive | Fixed | RHSA-2022:5252 | 01.07.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via ...
EPSS
6.5 Medium
CVSS3