Description
Windows libarchive Remote Code Execution Vulnerability
A flaw was found in the libarchive library. An out-of-bounds access in the copy_from_lzss_window_to_unp function in the libarchive/archive_read_support_format_rar.c file can be triggered due to an integer overflow when a specially crafted RAR archive is processed, causing a crash to the application linked to the library and resulting in a denial of service.
Report
The remote code execution is only mentioned in the Windows context without any evidence or PoC. As this issue is an out-of-bounds access only, without impact to integrity or confidentiality, this flaw was rated as causing only a denial of service to the application linked to the libarchive library. Additionally, libarchive as shipped in Red Hat Enterprise Linux 6, 7, 8 and 9 is not affected by this vulnerability because the vulnerable code was introduced in a newer version of libarchive.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | libarchive | Not affected | | |
Red Hat Enterprise Linux 7 | libarchive | Not affected | | |
Red Hat Enterprise Linux 8 | libarchive | Not affected | | |
Red Hat Enterprise Linux 9 | libarchive | Not affected | | |
Additional information
Status:
7.5 High
CVSS3