CVE-2011-1778 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libarchive

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

3.0%

top 13.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libarchive Debian Libarchive Freebsd Libarchive

Timeline

PublishedApr 13

Latest updateMay 14

Description

Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/libarchive< libarchive 2.8.5-5 (bookworm)

▶Debianlibarchive/libarchive< 2.8.5-5+3

▶NVDfreebsd/libarchive2.8.5+17

🔴Vulnerability Details

GHSA

GHSA-j8fm-g3qm-7gm3: Buffer overflow in libarchive through 2↗2022-05-14

▶

OSV

CVE-2011-1778: Buffer overflow in libarchive through 2↗2012-04-13

▶

📋Vendor Advisories

Ubuntu

libarchive vulnerabilities↗2011-12-19

▶

Debian

CVE-2011-1778: libarchive - Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a d...↗2011

▶

Red Hat

Libarchive multiple security issues↗2010-12-30

▶

💬Community

Bugzilla

CVE-2012-4024 squashfs-tools: remote arbitrary code execution via crafted list file↗2012-07-23

▶

Bugzilla

CVE-2010-4666 CVE-2011-1777 CVE-2011-1778 CVE-2011-1779 Libarchive multiple security issues [epel-5]↗2012-01-12

▶

Bugzilla

CVE-2010-4666 CVE-2011-1777 CVE-2011-1778 CVE-2011-1779 Libarchive multiple security issues [fedora-all]↗2011-05-18

▶

Bugzilla

CVE-2010-4666 CVE-2011-1777 CVE-2011-1778 CVE-2011-1779 Libarchive multiple security issues↗2011-05-18

▶