Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. https://github.com/libarchive/libarchive/issues/1672
Created cmake3 tracking bugs for this issue: Affects: epel-all [bug 2071933] Created libarchive tracking bugs for this issue: Affects: fedora-all [bug 2071934] Created mingw-libarchive tracking bugs for this issue: Affects: fedora-all [bug 2071935]
Patch: https://github.com/libarchive/libarchive/commit/cfaa28168a07ea4a53276b63068f94fce37d6aff
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5252 https://access.redhat.com/errata/RHSA-2022:5252
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-26280