CVE-2024-37407
https://notcve.org/view.php?id=CVE-2024-37407
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c. Libarchive anterior a 3.7.4 permite el acceso a nombres fuera de los límites cuando un archivo ZIP tiene un archivo con nombre vacío y mac-ext está habilitado. Esto ocurre en slurp_central_directory en archive_read_support_format_zip.c. • https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0 https://github.com/libarchive/libarchive/pull/2145 https://github.com/libarchive/libarchive/releases/tag/v3.7.4 • CWE-125: Out-of-bounds Read •
CVE-2023-30571
https://notcve.org/view.php?id=CVE-2023-30571
Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories. Libarchive hasta la versión 3.6.2 puede hacer que los directorios tengan permisos de escritura global. La llamada "umask()" dentro del archivo "archive_write_disk_posix.c" cambia la máscara de usuario de todo el proceso durante un periodo de tiempo muy corto; una condición de carrera con otro hilo puede llevar a un ajuste permanente de la máscara de usuario a 0. • https://github.com/libarchive/libarchive/issues/1876 https://groups.google.com/g/libarchive-announce • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-31566 – libarchive: symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive
https://notcve.org/view.php?id=CVE-2021-31566
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. Un fallo de resolución de enlaces inapropiado puede ocurrir mientras es extraído un archivo que conlleva a un cambio de modos, tiempos, listas de control de acceso y flags de un archivo fuera del archivo. Un atacante puede proporcionar un archivo malicioso a un usuario víctima, que desencadenaría este fallo cuando intente extraer el archivo. • https://access.redhat.com/security/cve/CVE-2021-31566 https://bugzilla.redhat.com/show_bug.cgi?id=2024237 https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 https://github.com/libarchive/libarchive/issues/1566 https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-23177 – libarchive: extracting a symlink with ACLs modifies ACLs of target
https://notcve.org/view.php?id=CVE-2021-23177
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges. Un fallo de resolución de enlaces inapropiado mientras es extraído un archivo puede conllevar a un cambio de la lista de control de acceso (ACL) del objetivo del enlace. Un atacante puede proporcionar un archivo malicioso a un usuario víctima, que desencadenaría este fallo cuando intentara extraer el archivo. • https://access.redhat.com/security/cve/CVE-2021-23177 https://bugzilla.redhat.com/show_bug.cgi?id=2024245 https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad https://github.com/libarchive/libarchive/issues/1565 https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2019-18408 – libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry
https://notcve.org/view.php?id=CVE-2019-18408
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. La función archive_read_format_rar_read_data en el archivo archive_read_support_format_rar.c en libarchive versiones anteriores a 3.4.0, presenta un uso de la memoria previamente liberada en una determinada situación de ARCHIVE_FAILED, relacionada con Ppmd7_DecodeSymbol. A use-after-free vulnerability was discovered in libarchive in the way it processes RAR archives when there is an error in one of the archive's entries. An application that accepts untrusted RAR archives may be vulnerable to this flaw, which could allow a remote attacker to cause a denial of service or to potentially execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html https://access.redhat.com/errata/RHSA-2020:0203 https://access.redhat.com/errata/RHSA-2020:0246 https://access.redhat.com/errata/RHSA-2020:0271 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689 https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60 https://github.com/libarchive/libarchive/compare/v3.3.3.. • CWE-416: Use After Free •