ROSA LABROSA-SA-2024-2421Advisory ROSA-SA-2024-2421
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
36.8%
Software: libarchive 3.3.3
OS: ROSA Virtualization 2.1
package_evr_string: libarchive-3.3.3
CVE-ID: CVE-2019-11463
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file due to the HAVE_LZMA_H typo.
CVE-STATUS: Not Relevant
CVE-REV:
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ROSA | any | noarch | libarchive | < 3.3.3 | UNKNOWN |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
36.8%