CVE-2020-9308 — Out-of-bounds Write in Libarchive
Severity
8.8HIGHNVD
OSV5.5
EPSS
0.7%
top 27.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 20
Latest updateMay 24
Description
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages4 packages
Also affects: Fedora 31, 32, Ubuntu Linux 16.04, 18.04, 19.10
Patches
🔴Vulnerability Details
3💥Exploits & PoCs
1📋Vendor Advisories
3💬Community
3Bugzilla▶
CVE-2020-9308 libarchive3: libarchive: attempts to unpack a RAR5 file with an invalid or corrupted header leads to a SIGSEGV [epel-6]↗2020-02-21
Bugzilla▶
CVE-2020-9308 libarchive: attempts to unpack a RAR5 file with an invalid or corrupted header leads to a SIGSEGV↗2020-02-21
Bugzilla▶
CVE-2020-9308 libarchive: attempts to unpack a RAR5 file with an invalid or corrupted header leads to a SIGSEGV [fedora-all]↗2020-02-21