Main Vulnerability Database Vulnerabilities #VU23841

#VU23841 Buffer overflow in libarchive

Published: December 30, 2019

Vulnerability identifier: #VU23841

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: N/A

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
libarchive

Software vendor:
libarchive

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing archives in /libarchive/archive_read_support_format_rar5.c in RAR5 reader. The application was using a declared window_size within the supplied archive that lead to memory corruption.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://github.com/libarchive/libarchive/releases/tag/v3.4.1
https://github.com/libarchive/libarchive/pull/1296
https://github.com/libarchive/libarchive/pull/1296/commits/c9267d665c30fa78023bd70b8e9c6f02450777e2

#VU23841 Buffer overflow in libarchive

Description

Remediation

External links

Please verify you're human