libarchive 3.6.1

CPE Details

libarchive 3.6.1
libarchive
libarchive
3.6.1
2022-08-25
11h15 +00:00
2022-08-25
11h17 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:libarchive:libarchive:3.6.1:*:*:*:*:*:*:*

Informations

Vendor

libarchive

Product

libarchive

Version

3.6.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-48615 2025-03-28 00h00 +00:00 Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.
7.5
High
CVE-2025-1632 2025-02-24 13h31 +00:00 A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
4.8
Medium
CVE-2024-48957 2024-10-09 22h00 +00:00 execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
7.8
High
CVE-2024-48958 2024-10-09 22h00 +00:00 execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
7.8
High
CVE-2024-37407 2024-06-08 00h00 +00:00 Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.
9.1
Critical
CVE-2024-26256 2024-04-09 17h00 +00:00 Libarchive Remote Code Execution Vulnerability
7.8
High
CVE-2023-30571 2023-05-28 22h00 +00:00 Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.
5.3
Medium
CVE-2022-36227 2022-11-21 23h00 +00:00 In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.