Описание
Libarchive Remote Code Execution Vulnerability
A flaw was found in the libarchive library. A heap-based buffer overflow in the execute_filter_e8 function in the libarchive/archive_read_support_format_rar.c file can be triggered when a specially crafted RAR archive is processed, causing a crash to the application linked to the library, and resulting in a denial of service.
Отчет
The remote code execution is only mentioned in Windows context without any evidence or PoC. As this issue is only a small buffer over-read, without impact to integrity or confidentiality, this flaw was rated as causing only a denial of service to the application linked to the libarchive library. Additionally, libarchive as shipped in Red Hat Enterprise Linux 6, 7, 8 and 9, is not affected by this vulnerability because the vulnerable code was introduced in a newer version of libarchive.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libarchive | Not affected | ||
| Red Hat Enterprise Linux 6 | libarchive | Not affected | ||
| Red Hat Enterprise Linux 7 | libarchive | Not affected | ||
| Red Hat Enterprise Linux 8 | libarchive | Not affected | ||
| Red Hat Enterprise Linux 9 | libarchive | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
EPSS
7.5 High
CVSS3