Lucene search

13 matches found

OSV
added 2026/03/20 12:2 a.m. · 3 views

RLSA-2023:3018 Low: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

5.9 CVSS · 6.6 AI score · 0.00551 EPSS
Exploits 0 · References 2
Rockylinux
added 2026/03/20 12:2 a.m. · 5 views

libarchive security update

An update is available for libarchive. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libarchive programming library can create and read several different...

9.8 CVSS · 6.7 AI score · 0.00551 EPSS
Exploits 0
RedHat Linux
added 2024/01/10 1:28 p.m. · 2 views

libarchive: NULL pointer dereference in archive_write.c

A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash...

9.8 CVSS · 7.1 AI score · 0.00551 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2023/05/29 8:15 p.m. · 2 views

CVE-2023-30571

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race...

5.3 CVSS · 6.3 AI score · 0.00015 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/05/29 12:0 a.m. · 3 views

PT-2023-4600 · Unknown +3 · Libarchive +3

Name of the Vulnerable Software and Affected Versions: Libarchive versions 3.6.2 and earlier. Description: The issue is caused by a race condition with the umask call inside archive_write_disk_posix.c, which can lead to a permanent umask 0 setting. This can result in implicit directory creation wi...

9.1 CVSS · 5.8 AI score · 0.37694 EPSS
Exploits 1 · References 30
CNNVD
added 2023/05/29 12:0 a.m. · 2 views

libarchive race condition vulnerability

libarchive is a multi-format archive and compression library. A security vulnerability exists in libarchive 3.6.2 and earlier versions, which stems from a problem with the archive_write_disk_posix.c file, and can be exploited by an attacker to delete or rename files in a directory...

5.3 CVSS · 5.2 AI score · 0.00015 EPSS
Exploits 0 · References 3
RedHat Linux
added 2023/05/16 9:4 a.m. · 4 views

libarchive: NULL pointer dereference in archive_write.c

A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash...

9.8 CVSS · 7.1 AI score · 0.00551 EPSS
Exploits 0 · References 4
RedHat Linux
added 2023/05/09 10:10 a.m. · 3 views

libarchive: NULL pointer dereference in archive_write.c

A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash...

9.8 CVSS · 7.1 AI score · 0.00551 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 5:42 a.m. · 1 views

SUSE CVE-2013-0211

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between...

5 CVSS · 7.1 AI score · 0.01196 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 5:22 a.m. · 2 views

SUSE CVE-2015-0557

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive...

5.8 CVSS · 7.2 AI score · 0.02096 EPSS
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 5:22 a.m. · 1 views

SUSE CVE-2015-1193

Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive...

5 CVSS · 7 AI score · 0.00222 EPSS
Exploits 1 · References 3
OSV
added 2015/01/21 6:59 p.m. · 1 views

DEBIAN-CVE-2015-1194

pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive...

4.3 CVSS · 7.1 AI score · 0.00288 EPSS
Exploits 1 · References 1
Prion
added 2013/09/30 10:55 p.m. · 22 views

Integer overflow

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between...

5 CVSS · 7 AI score · 0.01196 EPSS
Exploits 0 · References 12 · Affected Software 5