CVE-2019-11463
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.
Una pérdida de memoria en la función archive_read_format_zip_cleanup en el archivo archive_read_support_format_zip.c en libarchive 3.3.4-dev permite a los atacantes remotos provocar una Denegación de Servicio a través de un archivo ZIP creado debido a un error tipográfico HAVE_LZMA_H. NOTA: esto solo impacta a los usuarios que descargaron el código de desarrollo de GitHub. Los usuarios de las versiones oficiales del producto no se ven afectados.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-04-22 CVE Reserved
- 2019-04-23 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://access.redhat.com/security/cve/cve-2019-11463 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/libarchive/libarchive/issues/1165 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/libarchive/libarchive/commit/ba641f73f3d758d9032b3f0e5597a9c6e593a505 | 2020-12-08 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libarchive Search vendor "Libarchive" | Libarchive Search vendor "Libarchive" for product "Libarchive" | < 3.4.0 Search vendor "Libarchive" for product "Libarchive" and version " < 3.4.0" | - |
Affected
| ||||||