Lucene search

K
vulnrichmentMitreVULNRICHMENT:CVE-2024-37407
HistoryJun 08, 2024 - 12:00 a.m.

CVE-2024-37407

2024-06-0800:00:00
mitre
github.com
7
libarchive
3.7.4
name out-of-bounds
zip archive
empty-name file

AI Score

7.1

Confidence

Low

SSVC

Exploitation

poc

Automatable

no

Technical Impact

partial

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*"
    ],
    "vendor": "libarchive",
    "product": "libarchive",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "3.7.4"
      }
    ],
    "defaultStatus": "unknown"
  }
]

AI Score

7.1

Confidence

Low

SSVC

Exploitation

poc

Automatable

no

Technical Impact

partial