CVE-2024-20697

Опубликовано: 09 янв. 2024

Источник: redhat

CVSS3: 7.5

Описание

Windows libarchive Remote Code Execution Vulnerability

A flaw was found in the libarchive library. A heap-based buffer overflow in the execute_filter_e8 function in the libarchive/archive_read_support_format_rar.c file can be triggered when a specially crafted RAR archive is processed, causing a crash to the application linked to the library and resulting in a denial of service.

Отчет

The CVE-2024-20697 was assigned to track this issue in Windows systems and the CVE-2024-26256 was assigned to track the issue in libarchive upstream. See the CVE-2024-26256 page for more information about this issue at https://access.redhat.com/security/cve/CVE-2024-26256.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	libarchive	Not affected
Red Hat Enterprise Linux 6	libarchive	Not affected
Red Hat Enterprise Linux 7	libarchive	Not affected
Red Hat Enterprise Linux 8	libarchive	Not affected
Red Hat Enterprise Linux 9	libarchive	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=2290445libarchive: Heap based buffer overflow in rar e8 filter

7.5 High

CVSS3

Связанные уязвимости

CVE-2024-20697

CVSS3: 7.3

nvd

около 2 лет назад

Windows libarchive Remote Code Execution Vulnerability

CVE-2024-20697

CVSS3: 7.3

msrc

около 2 лет назад

Windows libarchive Remote Code Execution Vulnerability

GHSA-w6xv-37jv-7cjr

CVSS3: 7.3

github

около 2 лет назад

Windows Libarchive Remote Code Execution Vulnerability

BDU:2024-00381

CVSS3: 7.3

fstec

около 2 лет назад

Уязвимость библиотеки Libarchive операционной системы Windows, позволяющая нарушителю выполнить произвольный код

SUSE-SU-2024:3940-1

suse-cvrf

около 1 года назад

Security update for libarchive

7.5 High

CVSS3