CVE-2021-36976
https://notcve.org/view.php?id=CVE-2021-36976
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
References:
http://seclists.org/fulldisclosure/2022/Mar/27
http://seclists.org/fulldisclosure/2022/Mar/28
http://seclists.org/fulldisclosure/2022/Mar/29
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SE5NJQNM22ZE5Z55LPAGCUHSBQZBKMKC
https://security.gentoo.org/glsa/202208-26
https://support.apple.com/kb/HT213182
CWE-416: Use After Free
CVE-2020-21674
https://notcve.org/view.php?id=CVE-2020-21674
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting in a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.
References:
https://github.com/libarchive/libarchive/commit/4f085eea879e2be745f4d9bf57e8513ae48157f4
https://github.com/libarchive/libarchive/issues/1298
CWE-787: Out-of-bounds Write
CVE-2020-9308
https://notcve.org/view.php?id=CVE-2020-9308
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
References:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459
https://github.com/libarchive/libarchive/pull/1326
https://github.com/libarchive/libarchive/pull/1326/commits/94821008d6eea81e315c5881cdf739202961040a
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OTE7GWASH2ZOVG5H3HEN5PR6B3KF7JB
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J76F7VU7HC3GBKG5SAKTRBOFOI3RGO6M
https://security.gentoo.org/glsa/202003-28
https://usn.ubuntu.com/4293-1
CWE-787: Out-of-bounds Write
CVE-2019-19221 – libarchive: out-of-bounds read in archive_wstring_append_from_mbs in archive_string.c
https://notcve.org/view.php?id=CVE-2019-19221
In libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
References:
https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41
https://github.com/libarchive/libarchive/issues/1276
https://lists.debian.org/debian-lts-announce/2022/04/msg00020.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RHFV25AVTASTWZRF3KTSL357AQ6TYHM4
https://usn.ubuntu.com/4293-1
https://access.redhat.com/security/cve/CVE-2019-19221
https://bugzilla.redhat.com/show
CWE-125: Out-of-bounds Read
CVE-2019-18408 – libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry
https://notcve.org/view.php?id=CVE-2019-18408
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
A use-after-free vulnerability was discovered in libarchive in the way it processes RAR archives when there is an error in one of the archive's entries. An application that accepts untrusted RAR archives may be vulnerable to this flaw, which could allow a remote attacker to cause a denial of service or to potentially execute code.
References:
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html
https://access.redhat.com/errata/RHSA-2020:0203
https://access.redhat.com/errata/RHSA-2020:0246
https://access.redhat.com/errata/RHSA-2020:0271
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689
https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60
https://github.com/libarchive/libarchive/compare/v3.3.3..
CWE-416: Use After Free