CVE-2024-13941: ouch-org ouch zip.rs convert_zip_date_time memory corruption
First published: Tue Apr 01 2025(Updated: )
A vulnerability was found in ouch-org ouch up to 0.3.1. It has been classified as critical. This affects the function ouch::archive::zip::convert_zip_date_time of the file zip.rs. The manipulation of the argument month leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.4.0 is able to address this issue. It is recommended to upgrade the affected component.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ouch-org | <0.3.1 | |
| rust/ouch | <0.4.0 | 0.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://vuldb.com/?id.302055
- https://vuldb.com/?ctiid.302055
- https://vuldb.com/?submit.524511
- https://github.com/ouch-org/ouch/issues/707
- https://github.com/rustsec/advisory-db/pull/2084/files
- https://github.com/user-attachments/files/16767988/ouch.crash.report.docx
- https://github.com/ouch-org/ouch/releases/tag/0.4.0
- https://nvd.nist.gov/vuln/detail/CVE-2024-13941
- https://github.com/advisories/GHSA-6xfj-hhwh-r3c2 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-13941?
CVE-2024-13941 is classified as critical due to its potential for memory corruption.
What software is affected by CVE-2024-13941?
CVE-2024-13941 affects ouch-org ouch versions up to 0.3.1.
What type of vulnerability is CVE-2024-13941?
CVE-2024-13941 is a memory corruption vulnerability caused by improper handling of the month argument.
How do I fix CVE-2024-13941?
To fix CVE-2024-13941, upgrade to a version of ouch that is beyond 0.3.1.
What is the impact of CVE-2024-13941?
The impact of CVE-2024-13941 includes potential exploitation that can lead to memory corruption.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-6xfj-hhwh-r3c2
- alias/CVE-2024-13941
- agent/last-modified-date
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-cve
- vendor/ouch-org
- canonical/ouch-org
- package-manager/rust