CVE-2024-20696Heap-based Buffer Overflow in Microsoft Windows 10 Version 1809

CWE-122Heap-based Buffer OverflowCWE-190Integer Overflow or Wraparound15 documents10 sources
Severity
7.3HIGHNVD
OSV5.5
EPSS
7.2%
top 8.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Microsoft Windows 10 Version 1809Microsoft Windows 10 Version 21h2Microsoft Windows 10 Version 22h2+14 more
Timeline
PublishedJan 9
Latest updateApr 2

Description

Windows libarchive Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages18 packages

NVDmicrosoft/windows< 10.0.17763.5329+2
NVDmicrosoft/windows_10_1809< 10.0.17763.5329
NVDmicrosoft/windows_10_21h2< 10.0.19044.3930
NVDmicrosoft/windows_10_22h2< 10.0.19045.3930
NVDmicrosoft/windows_11_21h2< 10.0.22000.2713

Patches

Patch: msrc.microsoft.comPatch: msrc.microsoft.com

🔴Vulnerability Details

4
OSV
libarchive vulnerabilities2026-04-02
OSV
CVE-2024-20696: Windows libarchive Remote Code Execution Vulnerability2024-01-09
CVEList
Windows libarchive Remote Code Execution Vulnerability2024-01-09
GHSA
GHSA-g5xc-jv8h-2232: Windows Libarchive Remote Code Execution Vulnerability2024-01-09

📋Vendor Advisories

5
Ubuntu
libarchive vulnerabilities2026-04-02
Ubuntu
libarchive vulnerability2024-10-31
Red Hat
libarchive: out-of-bounds access in copy_from_lzss_window_to_unp()2024-01-09
Microsoft
Windows libarchive Remote Code Execution Vulnerability2024-01-09
Debian
CVE-2024-20696: libarchive - Windows libarchive Remote Code Execution Vulnerability2024

🕵️Threat Intelligence

5
Trendmicro
The January 2024 Security Update Review2024-01-09
Trendmicro
The January 2024 Security Update Review2024-01-09
Trendmicro
The January 2024 Security Update Review2024-01-09
Bleepingcomputer
Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs2024-01-09
Trendmicro
The January 2024 Security Update Review2024-01-09
CVE-2024-20696 — Heap-based Buffer Overflow | cvebase