Lucene search

K
osvGoogleOSV:USN-5291-1
HistoryFeb 17, 2022 - 1:54 p.m.

libarchive vulnerabilities

2022-02-1713:54:10
Google
osv.dev
12
libarchive
symlink
rar
vulnerabilities
denial of service
arbitrary code
cve-2021-23177
cve-2021-31566
cve-2021-36976
acls

AI Score

8.1

Confidence

High

EPSS

0.005

Percentile

77.3%

It was discovered that libarchive incorrectly handled symlinks. If a
user or automated system were tricked into processing a specially crafted
archive, an attacker could possibly use this issue to change modes, times,
ACLs, and flags on arbitrary files. (CVE-2021-23177, CVE-2021-31566)

It was discovered that libarchive incorrectly handled certain RAR archives.
If a user or automated system were tricked into processing a specially
crafted RAR archive, an attacker could use this issue to cause libarchive
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2021-36976)