Lucene search

K

Redhat.comRH:CVE-2024-20697

HistoryJun 04, 2024 - 8:34 p.m.

CVE-2024-20697

2024-06-0420:34:07

redhat.com

access.redhat.com

3

windows

libarchive

remote code execution

vulnerability

cve-2024-20697

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.4%

A flaw was found in the libarchive library. A heap-based buffer overflow in the execute_filter_e8 function in the libarchive/archive_read_support_format_rar.c file can be triggered when a specially crafted RAR archive is processed, causing a crash to the application linked to the library and resulting in a denial of service.

References

bugzilla.redhat.com/show_bug.cgi?id=2290445

github.com/advisories/GHSA-w6xv-37jv-7cjr

github.com/libarchive/libarchive/pull/2135

nvd.nist.gov/vuln/detail/CVE-2024-20697

www.cve.org/CVERecord?id=CVE-2024-20697

www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.4%

Related for RH:CVE-2024-20697

redhatcve1 osv3 ubuntucve1 nessus10 prion1 mscve2 cve2 fedora2 openvas7 nvd2 alpinelinux1 cvelist2 wolfi2 slackware1 mageia1 debian1 ubuntu1 debiancve1 photon1 qualysblog1 mskb4 kaspersky2 rapid7blog2