- Vulnerability/
- ZDI-24-1698
ZDI-24-1698: libarchive run_filters Heap-based Buffer Overflow Remote Code Execution Vulnerability
First published: Thu Dec 19 2024(Updated: )
This vulnerability allows remote attackers to execute arbitrary code on affected installations of libarchive. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-26256.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Libarchive |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-24-1698?
The severity of ZDI-24-1698 is rated at 7.8 on the CVSS scale, indicating it is a high-risk vulnerability.
How can I fix ZDI-24-1698?
To fix ZDI-24-1698, you should update libarchive to the latest version where this vulnerability has been addressed.
What are the potential impacts of ZDI-24-1698?
ZDI-24-1698 can lead to remote code execution, allowing attackers to run arbitrary code on affected systems.
Which versions of libarchive are affected by ZDI-24-1698?
All versions of libarchive that are prior to the patch release addressing ZDI-24-1698 are vulnerable.
Is user interaction required to exploit ZDI-24-1698?
Yes, interaction with the libarchive library is required to exploit this vulnerability.
- collector/zdi-published
- source/ZDI
- alias/ZDI-CAN-23999
- agent/title
- agent/severity
- agent/last-modified-date
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/libarchive
- canonical/oracle libarchive