Lucene search

K
rosalinuxROSA LABROSA-SA-2023-2205
HistoryAug 01, 2023 - 1:07 p.m.

Advisory ROSA-SA-2023-2205

2023-08-0113:07:57
ROSA LAB
abf.rosalinux.ru
18
libarchive 3.3.3
vulnerability
fix
symbolic link
escalation
privileges
remote code execution
denial of service

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.008

Percentile

81.9%

Software: libarchive 3.3.3
OS: ROSA Virtualization 2.1

package_evr_string: libarchive-3.3.3.3-5.rv3.src.rpm

CVE-ID: CVE-2021-23177
BDU-ID: 2022-01463
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libarchive archiving library is related to symbolic link tracking. Exploitation of the vulnerability could allow an attacker to escalate their privileges by helping the attacker open a specially crafted archive.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libarchive command.

CVE-ID: CVE-2021-31566
BDU-ID: 2022-01464
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libarchive archiving library is related to symbolic link tracking. Exploitation of the vulnerability could allow an attacker to escalate their privileges by creating a specially formed link to a malicious file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libarchive command

CVE-ID: CVE-2022-36227
BDU-ID: 2022-07496
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the calloc() function of the libarchive archiving library is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update libarchive command.

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchlibarchive< 3.3.3UNKNOWN

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.008

Percentile

81.9%