CVE-2020-9308
https://notcve.org/view.php?id=CVE-2020-9308
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. El archivo archive_read_support_format_rar5.c en libarchive versiones anteriores a 3.4.2, intenta descomprimir un archivo RAR5 con un encabezado no válido o corrupto (tal y como un tamaño de encabezado de cero), conllevando a un SIGSEGV o posiblemente a otro impacto no especificado. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459 https://github.com/libarchive/libarchive/pull/1326 https://github.com/libarchive/libarchive/pull/1326/commits/94821008d6eea81e315c5881cdf739202961040a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OTE7GWASH2ZOVG5H3HEN5PR6B3KF7JB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J76F7VU7HC3GBKG5SAKTRBOFOI3RGO6M https://security.gentoo.org/glsa/202003-28 https://usn.ubuntu.com/4293-1 • CWE-787: Out-of-bounds Write •
CVE-2019-19221 – libarchive: out-of-bounds read in archive_wstring_append_from_mbs in archive_string.c
https://notcve.org/view.php?id=CVE-2019-19221
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. En Libarchive versión 3.4.0, la función archive_wstring_append_from_mbs en el archivo archive_string.c presenta una lectura fuera de límites debido a una llamada mbrtowc o mbtowc incorrecta. Por ejemplo, bsdtar se bloquea por medio de un archivo diseñado. • https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41 https://github.com/libarchive/libarchive/issues/1276 https://lists.debian.org/debian-lts-announce/2022/04/msg00020.html https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RHFV25AVTASTWZRF3KTSL357AQ6TYHM4 https://usn.ubuntu.com/4293-1 https://access.redhat.com/security/cve/CVE-2019-19221 https://bugzilla.redhat.com/show • CWE-125: Out-of-bounds Read •