CVE-2024-48615 — NULL Pointer Dereference in Libarchive

CWE-476 — NULL Pointer Dereference7 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libarchive Debian Libarchive Msrc Azl3 Cmake 3.30.3-6 ON Azure Linux 3.0 +3 more

Timeline

PublishedMar 28

Description

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶Ubuntulibarchive/libarchive< 3.4.0-2ubuntu1.4+2

▶NVDlibarchive/libarchive3.7.6

▶debiandebian/libarchive

▶msrcmsrc/cbl2_libarchive_3.6.1-6_on_cbl_mariner_2.0

▶msrcmsrc/azl3_cmake_3.30.3-6_on_azure_linux_3.0

🔴Vulnerability Details

GHSA

GHSA-57fm-4q7w-88cr: Null Pointer Dereference vulnerability in libarchive 3↗2025-03-28

▶

CVEList

CVE-2024-48615: Null Pointer Dereference vulnerability in libarchive 3↗2025-03-28

▶

OSV

CVE-2024-48615: Null Pointer Dereference vulnerability in libarchive 3↗2025-03-28

▶

📋Vendor Advisories

Red Hat

libarchive: Null Pointer Dereference in Libarchive↗2025-03-28

▶

Microsoft

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.↗2025-03-11

▶

Debian

CVE-2024-48615: libarchive - Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when runn...↗2024

▶