Msrc Azl3 Libarchive 3.7.1-2 On Azure Linux 3.0 vulnerabilities
3 known vulnerabilities affecting msrc/azl3_libarchive_3.7.1-2_on_azure_linux_3.0.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2024-48957HIGHCVSS 7.82024-10-08
CVE-2024-48957 [HIGH] CWE-125 execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected
msrc
CVE-2024-48958HIGHCVSS 7.82024-10-08
CVE-2024-48958 [HIGH] CWE-125 execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected
msrc
CVE-2024-37407CRITICALCVSS 9.12024-06-11
CVE-2024-37407 [CRITICAL] CWE-125 Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.
FAQ: Is Azure Linux the only Microsoft product that includes this
msrc