Azure Linux 3.0 Security Update: libarchive (CVE-2024-37407)

The version of libarchive installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37407 advisory. - Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and...

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

...

AZL-42471 CVE-2024-37407 affecting package libarchive for versions less than 3.7.1-2

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurpcentraldirectory in archivereadsupportformatzip.c...

CVE-2024-37407

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurpcentraldirectory in archivereadsupportformatzip.c...

CVE-2024-37407

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurpcentraldirectory in archivereadsupportformatzip.c...

CVE-2024-37407

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurpcentraldirectory in archivereadsupportformatzip.c...

CVE-2024-37407

CVE-2024-37407 affects the libarchive library (before 3.7.4). The vulnerability occurs when processing a ZIP archive that contains an empty-name file with mac-ext enabled, in slurp_central_directory of archive_read_support_format_zip.c, which can cause name out-of-bounds access. Affected versions...

PT-2024-4147 · Unknown +1 · Libarchive +1

Name of the Vulnerable Software and Affected Versions: Libarchive versions prior to 3.7.4 Description: The issue is related to a buffer overflow vulnerability when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in the slurp central directory function in archive read...