Description
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_audio function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. This issue may cause the application linked to the library to crash, resulting in denial of service.
Statement
The libarchive library as shipped in Red Hat Enterprise Linux 6, 7, 8, 9 and Red Hat OpenShift Container Platform 4 is not affected by this vulnerability because the vulnerable code was introduced in a newer version of libarchive.
Mitigation
Do not process untrusted files with the libarchive library.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | libarchive | Not affected | | |
Red Hat Enterprise Linux 7 | libarchive | Not affected | | |
Red Hat Enterprise Linux 8 | libarchive | Not affected | | |
Red Hat Enterprise Linux 9 | libarchive | Not affected | | |
Red Hat OpenShift Container Platform 4 | rhcos | Not affected | | |
Additional information
Status:
7.8 High
CVSS3