Description
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
Related CPE's
a
splunk
universal_forwarder
References
http://seclists.org/fulldisclosure/2022/Mar/27
http://seclists.org/fulldisclosure/2022/Mar/28
http://seclists.org/fulldisclosure/2022/Mar/29
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375
https://security.gentoo.org/glsa/202208-26
https://support.apple.com/kb/HT213182
https://support.apple.com/kb/HT213183
https://support.apple.com/kb/HT213193
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-07-20T07:15:07.950
3 years agoLast modified
2024-03-27T16:04:33.757
1 year ago