Latest libarchive Vulnerabilities

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of ...
Libarchive Libarchive<=3.6.2
In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereferen...
Libarchive Libarchive>=3.0.0<3.6.2
Debian Debian Linux=10.0
Fedoraproject Fedora=37
Splunk Universal Forwarder>=8.2.0<8.2.12
Splunk Universal Forwarder>=9.0.0<9.0.6
Splunk Universal Forwarder=9.1.0
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
Libarchive Libarchive=3.6.0
Fedoraproject Fedora=36
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user,...
Libarchive Libarchive<3.5.2
Fedoraproject Fedora=35
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Eus=8.6
Redhat Enterprise Linux For Ibm Z Systems=8.0
Redhat Enterprise Linux For Ibm Z Systems Eus=8.6
and 14 more
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a mal...
redhat/libarchive<3.5.2
Libarchive Libarchive<3.5.2
Fedoraproject Fedora=35
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Eus=8.6
Redhat Enterprise Linux For Ibm Z Systems=8.0
and 24 more
libarchive. Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.
Apple macOS Monterey<12.3
Apple watchOS<8.5
Libarchive Libarchive>=3.4.1<=3.5.2
Fedoraproject Fedora=35
Apple iPadOS<15.4
Apple iPhone OS<15.4
and 7 more
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory result...
Libarchive Libarchive=3.4.1
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspe...
ubuntu/libarchive<3.4.0-1ubuntu0.1
>=3.4.0<3.4.2
=16.04
=18.04
=19.10
=31
and 8 more
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
=3.4.0
=9.0
=10.0
=32
=16.04
=18.04
and 20 more
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
<3.4.0
=8.0
=14.04
=16.04
=18.04
and 14 more
A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a H...
Libarchive Libarchive<3.4.0
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_for...
ubuntu/libarchive<3.1.2-7ubuntu2.8
ubuntu/libarchive<3.1.2-11ubuntu0.16.04.6
ubuntu/libarchive<3.2.2-3.1ubuntu0.3
ubuntu/libarchive<3.2.2-5ubuntu0.2
>=3.0.2<3.4.0
=8.0
and 23 more
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 ...
Libarchive Libarchive>=2.8.0<3.4.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
Debian Debian Linux=8.0
and 10 more
libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c,...
Libarchive Libarchive>=3.3.0<3.4.0
Fedoraproject Fedora=28
Fedoraproject Fedora=29
Fedoraproject Fedora=30
openSUSE Leap=15.0
A use-after-free vulnerability was found in libarchive in RAR decoder. A crafted archive could cause the application to crash. Upstream issue: https://github.com/libarchive/libarchive/pull/...
Libarchive Libarchive>=3.1.0<3.4.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 13 more
libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_...
Libarchive Libarchive>=3.2.0<3.4.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
Fedoraproject Fedora=29
and 5 more
A double free vulnerability was found in libarchive in RAR decoder. A crafted archive could cause the application to crash. Upstream issue: https://github.com/libarchive/libarchive/pull/110...
Libarchive Libarchive>=3.1.0<3.4.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 12 more
