CPE-BEA37C95-8811-4863-85CB-19A2C00535F4 Detail

CPE Details

libarchive 3.6.0

Vendor

libarchive

Product

libarchive

Version

3.6.0

Created

2022-04-02
00h19 +00:00

Modified

2022-08-25
11h17 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:libarchive:libarchive:3.6.0:::::::*

Informations

Vendor

libarchive

Product

libarchive

Version

3.6.0

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2025-1632	2025-02-24 13h31 +00:00	A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.	4.8	Medium
CVE-2024-48957	2024-10-09 22h00 +00:00	execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.	7.8	High
CVE-2024-48958	2024-10-09 22h00 +00:00	execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.	7.8	High
CVE-2024-37407	2024-06-08 00h00 +00:00	Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.	9.1	Critical
CVE-2024-26256	2024-04-09 17h00 +00:00	Libarchive Remote Code Execution Vulnerability	7.8	High
CVE-2023-30571	2023-05-28 22h00 +00:00	Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.	5.3	Medium
CVE-2022-36227	2022-11-21 23h00 +00:00	In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."	9.8	Critical
CVE-2022-26280	2022-03-28 19h28 +00:00	Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.	6.5	Medium

libarchive 3.6.0

CPE Details

CPE Name: cpe:2.3:a:libarchive:libarchive:3.6.0:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:libarchive:libarchive:3.6.0:::::::*