Main Vulnerability Database Vulnerabilities #VU23841

Buffer overflow in libarchive - #VU23841

Published: December 30, 2019

Vulnerability identifier: #VU23841

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: N/A

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: libarchive

Affected software:
libarchive

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing archives in /libarchive/archive_read_support_format_rar5.c in RAR5 reader. The application was using a declared window_size within the supplied archive that lead to memory corruption.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

Sources

https://github.com/libarchive/libarchive/releases/tag/v3.4.1
https://github.com/libarchive/libarchive/pull/1296
https://github.com/libarchive/libarchive/pull/1296/commits/c9267d665c30fa78023bd70b8e9c6f02450777e2

Buffer overflow in libarchive - #VU23841

Detailed vulnerability description

Remediation

Sources

Please verify you're human