CVE-2007-3641 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libarchive

5 documents5 sources

Severity

9.3CRITICALNVD

EPSS

37.2%

top 2.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libarchive Debian Libarchive Freebsd Libarchive

Timeline

PublishedJul 14

Latest updateMay 1

Description

archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/libarchive< libarchive 2.2.4-1 (bookworm)

▶Debianlibarchive/libarchive< 2.2.4-1+3

▶NVDfreebsd/libarchive2.2.3

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: security.freebsd.org ↗

🔴Vulnerability Details

GHSA

GHSA-72gg-m2hj-9c97: archive_read_support_format_tar↗2022-05-01

▶

OSV

CVE-2007-3641: archive_read_support_format_tar↗2007-07-14

▶

📋Vendor Advisories

BSD

FreeBSD-SA-07:05.libarchive: Errors handling corrupt tar files in libarchive(3)↗2007-07-12

▶

Debian

CVE-2007-3641: libarchive - archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly c...↗2007

▶