Assigner | microsoft |
Reserved | 2024-02-15 |
Published | 2024-04-09 |
Updated | 2024-07-05 |
Description
Libarchive Remote Code Execution Vulnerability
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Problem types
CWE-122: Heap-based Buffer Overflow
Product status
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256 (libarchive Remote Code Execution Vulnerability)
https://www.openwall.com/lists/oss-security/2024/06/04/2
https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch
https://github.com/LeSuisse/nixpkgs/commit/81b82a2934521dffef76f7ca305d8d4e22fe7262
https://github.com/libarchive/libarchive/releases/tag/v3.7.4
http://www.openwall.com/lists/oss-security/2024/06/05/1
http://www.openwall.com/lists/oss-security/2024/06/04/2