vulnerability
Oracle Linux: CVE-2022-26280: ELSA-2022-5252: libarchive security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:H/Au:N/C:P/I:N/A:C) | 03/29/2022 | 07/22/2024 | 11/29/2024 |
Severity
6
CVSS
(AV:N/AC:H/Au:N/C:P/I:N/A:C)
Published
03/29/2022
Added
07/22/2024
Modified
11/29/2024
Description
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
An out-of-bounds read flaw was found in libarchive. This flaw allows an attacker who can supply a specially crafted zip file to libarchive to cause an out-of-bounds read in programs linked with libarchive, using the LZMA zip functionality. The consequences depend on the specific program linked with libarchive. Still, they would most likely result in an application crash or information disclosure that could be used in conjunction with another exploit.
An out-of-bounds read flaw was found in libarchive. This flaw allows an attacker who can supply a specially crafted zip file to libarchive to cause an out-of-bounds read in programs linked with libarchive, using the LZMA zip functionality. The consequences depend on the specific program linked with libarchive. Still, they would most likely result in an application crash or information disclosure that could be used in conjunction with another exploit.
Solution(s)
oracle-linux-upgrade-bsdtaroracle-linux-upgrade-libarchiveoracle-linux-upgrade-libarchive-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.