Processing fixup entries may follow symbolic links. (CVE-2021-31566) libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). (CVE-2021-36976)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchlibarchive< 3.5.3-1libarchive-3.5.3-1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	libarchive	< 3.5.3-1	libarchive-3.5.3-1.mga8

References

bugs.mageia.org/show_bug.cgi?id=30023

github.com/libarchive/libarchive/releases/tag/v3.5.3

nessus 46

fedora 1

openvas 33

ubuntu 1

osv 7

gentoo 1

redhatcve 2

veracode 2

nvd 2

debiancve 2

cbl_mariner 2

alpinelinux 2

cvelist 2

mscve 1

prion 2

cve 2

ubuntucve 2

amazon 1

photon 5

rocky 1

suse 2

redhat 16

almalinux 1

redos 1

oraclelinux 1

debian 2

rosalinux 1

krebs 1

malwarebytes 1

hivepro 1

thn 1

threatpost 1

ibm 3

apple 3

mskb 5

kaspersky 1

rapid7blog 1

nessus

Amazon Linux 2022 : (ALAS2022-2022-059)

2022-09-07 00:00:00

Amazon Linux 2023 : bsdcat, bsdcpio, bsdtar (ALAS2023-2023-071)

2023-03-21 00:00:00

Ubuntu 20.04 LTS : libarchive vulnerabilities (USN-5291-1)

2022-02-17 00:00:00

fedora

[SECURITY] Fedora 35 Update: libarchive-3.5.3-1.fc35

2022-02-24 23:09:25

openvas

Mageia: Security Advisory (MGASA-2022-0060)

2022-02-13 00:00:00

Fedora: Security Advisory for libarchive (FEDORA-2022-9bb794c5f5)

2022-02-25 00:00:00

Ubuntu: Security Advisory (USN-5291-1)

2022-02-18 00:00:00

ubuntu

libarchive vulnerabilities

2022-02-17 00:00:00

osv

libarchive vulnerabilities

2022-02-17 13:54:10

CVE-2021-36976

2021-07-20 07:15:07

CVE-2021-31566

2022-08-23 16:15:09

gentoo

libarchive: Multiple Vulnerabilities

2022-08-14 00:00:00

redhatcve

CVE-2021-36976

2021-07-21 20:24:22

CVE-2021-31566

2021-12-16 10:55:05

veracode

Use After Free

2022-02-24 21:48:59

Arbitrary File Write

2022-04-10 22:49:47

nvd

CVE-2021-36976

2021-07-20 07:15:07

CVE-2021-31566

2022-08-23 16:15:09

debiancve

CVE-2021-36976

2021-07-20 07:15:07

CVE-2021-31566

2022-08-23 16:15:09

cbl_mariner

CVE-2021-36976 affecting package libarchive 3.4.2-3

2022-08-24 22:05:05

CVE-2021-36976 affecting package libarchive for versions less than 3.6.0-1

2022-04-09 06:51:47

alpinelinux

CVE-2021-31566

2022-08-23 16:15:09

CVE-2021-36976

2021-07-20 07:15:07

cvelist

CVE-2021-36976

2021-07-20 06:49:15

CVE-2021-31566

2022-08-23 00:00:00

mscve

Libarchive Remote Code Execution Vulnerability

2022-01-11 08:00:00

prion

Double free

2021-07-20 07:15:00

Input validation

2022-08-23 16:15:00

cve

CVE-2021-36976

2021-07-20 07:15:07

CVE-2021-31566

2022-08-23 16:15:09

ubuntucve

CVE-2021-36976

2021-07-20 00:00:00

CVE-2021-31566

2021-12-24 00:00:00

amazon

Medium: libarchive

2023-11-29 22:20:00

photon

Important Photon OS Security Update - PHSA-2022-0246

2022-09-16 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0246

2022-09-16 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0447

2022-09-07 00:00:00

rocky

libarchive security update

2022-03-15 09:11:33

suse

Security update for libarchive (moderate)

2022-03-24 00:00:00

Security update for libarchive (moderate)

2022-06-02 00:00:00

redhat

(RHSA-2022:0892) Moderate: libarchive security update

2022-03-15 09:11:33

(RHSA-2022:5132) Important: RHACS 3.68 security update

2022-06-20 17:18:52

(RHSA-2022:1039) Important: Red Hat OpenShift GitOps security update

2022-03-23 21:13:24

almalinux

Moderate: libarchive security update

2022-03-15 09:11:33

redos

ROS-20220322-02

2022-03-22 00:00:00

oraclelinux

libarchive security update

2022-03-16 00:00:00

debian

[SECURITY] [DLA 2987-1] libarchive security update

2022-04-30 22:21:35

[SECURITY] [DLA 3202-1] libarchive security update

2022-11-22 17:32:50

rosalinux

Advisory ROSA-SA-2023-2205

2023-08-01 13:07:57

krebs

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

2022-01-11 22:18:55

malwarebytes

[updated] You can update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

2022-01-12 17:02:25

hivepro

Microsoft Patch Tuesday fixes critical zero-days along with 97 other flaws

2022-01-12 07:30:07

thn

First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability

2022-01-12 06:42:00

threatpost

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

2022-01-11 21:54:57

ibm

Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

2022-07-26 14:35:29

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

2023-01-19 13:54:16

Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.

2022-10-25 13:11:39

apple

About the security content of watchOS 8.5

2022-03-14 00:00:00

About the security content of iOS 15.4 and iPadOS 15.4

2022-03-14 00:00:00

About the security content of macOS Monterey 12.3

2022-03-14 00:00:00

mskb

January 11, 2022—KB5009566 (OS Build 22000.434)

2022-01-11 08:00:00

January 11, 2022—KB5009545 (OS Build 18363.2037)

2022-01-11 08:00:00

January 11, 2022—KB5009557 (OS Build 17763.2452)

2022-01-11 08:00:00

kaspersky

KLA12422 Multiple vulnerabilities in Microsoft Windows

2022-01-11 00:00:00

rapid7blog

Patch Tuesday - January 2022

2022-01-11 21:41:56

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

77.3%

JSON

Related for MGASA-2022-0060