CPE Details
libarchive 3.6.2
3.6.2
2024-03-08
17h37 +00:00
17h37 +00:00
2024-03-08
17h37 +00:00
17h37 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:libarchive:libarchive:3.6.2:*:*:*:*:*:*:*
Informations
Vendor
libarchiveProduct
libarchiveVersion
3.6.2Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 |
Moyen |
||
| execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | 7.8 |
Haute |
||
| execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | 7.8 |
Haute |
||
| Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c. | 9.1 |
Critique |
||
| Libarchive Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories. | 5.3 |
Moyen |
2025©
tesweb SA
