1812633 – (CVE-2019-20509) CVE-2019-20509 libarchive: heap-based buffer overflow in archive_read_support_format_lha.c due to insufficient validation of UTF-16 input

Bug 1812633 (CVE-2019-20509) - CVE-2019-20509 libarchive: heap-based buffer overflow in archive_read_support_format_lha.c due to insufficient validation of UTF-16 input

Summary: CVE-2019-20509 libarchive: heap-based buffer overflow in archive_read_support...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-20509
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1812641 1812636 1812637 1812638 1812640 1812642 1812643
Blocks:	1812639
TreeView+	depends on / blocked

Reported:	2020-03-11 18:12 UTC by Guilherme de Almeida Suckevicz
Modified:	2020-03-24 16:32 UTC (History)
CC List:	11 users (show)
Fixed In Version:	libarchive 3.4.1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-03-24 16:32:00 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-03-11 18:12:38 UTC

archive_read_support_format_lha.c in libarchive before 3.4.1 does not ensure valid sizes for UTF-16 input, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted LHA archive.

Reference:
https://github.com/libarchive/libarchive/issues/1284

Upstream commit:
https://github.com/libarchive/libarchive/commit/91cf9372e89f7af4582964b15ceb7fc6d1b37471

Comment 1 Guilherme de Almeida Suckevicz 2020-03-11 18:16:32 UTC

Created libarchive tracking bugs for this issue:

Affects: fedora-all [bug 1812636]


Created libarchive3 tracking bugs for this issue:

Affects: epel-6 [bug 1812640]


Created mingw-libarchive tracking bugs for this issue:

Affects: fedora-all [bug 1812637]


Created python-libarchive tracking bugs for this issue:

Affects: epel-7 [bug 1812641]


Created python-libarchive-c tracking bugs for this issue:

Affects: epel-7 [bug 1812642]
Affects: epel-8 [bug 1812643]
Affects: fedora-all [bug 1812638]

Comment 2 Riccardo Schirone 2020-03-24 13:48:29 UTC

Vulnerability introduced in commit https://github.com/libarchive/libarchive/commit/0f1e37b54ae436536fe9522b9cb8380d9be29a03 , which was first introduced in upstream release 3.4.1.

Comment 3 Riccardo Schirone 2020-03-24 13:57:51 UTC

The vulnerability was introduced and fixed in the same version, so there is actually no released version with the vulnerable code.

Comment 4 Product Security DevOps Team 2020-03-24 16:32:00 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-20509

Note You need to log in before you can comment on or make changes to this bug.