CVE-2020-21674: Buffer Overflow
First published: Thu Oct 15 2020(Updated: )
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libarchive Libarchive | =3.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this heap-based buffer overflow?
The vulnerability ID is CVE-2020-21674.
What is the severity of CVE-2020-21674?
The severity of CVE-2020-21674 is medium with a CVSS score of 6.5.
Which software version is affected by this vulnerability?
The vulnerability affects libarchive version 3.4.1.
How can the vulnerability be exploited?
The vulnerability can be exploited by remote attackers through a crafted archive file, causing a denial of service and potentially crashing the system.
Is there a fix available for this vulnerability?
Yes, a fix for this vulnerability is available. Please refer to the provided references for more information.
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/libarchive
- canonical/libarchive libarchive
- version/libarchive libarchive/3.4.1