Lucene search
K

python-libarchive Python Library <= 4.2.1 Directory Traversal (CVE-2024-55587)

🗓️ 20 Dec 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 8 Views

python-libarchive Python Library version 4.2.1 or lower has a directory traversal vulnerability.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2024-55587
10 Dec 202406:59
githubexploit
CNNVD
python-libarchive 安全漏洞
12 Dec 202400:00
cnnvd
CVE
CVE-2024-55587
11 Dec 202400:00
cve
Cvelist
CVE-2024-55587
11 Dec 202400:00
cvelist
EUVD
EUVD-2024-3441
11 Dec 202400:00
euvd
Github Security Blog
python-libarchive directory traversal
12 Dec 202403:33
github
NVD
CVE-2024-55587
12 Dec 202402:08
nvd
OSV
GHSA-75MX-HW5Q-PVX3 python-libarchive directory traversal
12 Dec 202403:33
osv
Positive Technologies
PT-2024-36562 · Unknown · Python-Libarchive
11 Dec 202400:00
ptsecurity
RedhatCVE
CVE-2024-55587
23 May 202507:41
redhatcve
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(213287);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");

  script_cve_id("CVE-2024-55587");
  script_xref(name:"IAVA", value:"2024-A-0834-S");

  script_name(english:"python-libarchive Python Library <= 4.2.1 Directory Traversal (CVE-2024-55587)");

  script_set_attribute(attribute:"synopsis", value:
"A Python library installed on the remote host is affected by a directory traversal vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of the python-libarchive Python library that is installed on the remote host is 4.2.1 or prior.
It is, therefore, affected by a directory traversal vulnerability. python-libarchive through 4.2.1 allows
directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/smartfile/python-libarchive/issues/42");
  script_set_attribute(attribute:"solution", value:
"Upgrade to a version of python-libarchive higher than 4.2.1.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-55587");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/12/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/12/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/12/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"asset_categories", value:"component");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:python:python-libarchive");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("python_packages_installed_nix.nbin", "python_packages_win_installed.nbin");
  script_require_ports("Host/nix/Python/Packages/Enumerated", "Host/win/Python/Packages/Enumerated");

  exit(0);
}

include('python.inc');

var pkg = 'python-libarchive';
var cpe = 'cpe:/a:python:python-libarchive';

var libs = python::get_package_info(pkg_name:pkg, cpe:cpe);

if (empty_or_null(libs))
  audit(AUDIT_NOT_INST, pkg);

vcf::check_all_backporting(app_info:libs);

var constraints = [
  { 'max_version' : '4.2.1', 'fixed_display': 'Update to a version higher than 4.2.1' }
];

vcf::check_version_and_report(app_info:libs, constraints:constraints, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Jan 2026 00:00Current
5.5Medium risk
Vulners AI Score5.5
CVSS 3.18.8
EPSS0.02001
SSVC
8