2290445 – (CVE-2024-20697) CVE-2024-20697 libarchive: Heap based buffer overflow in rar e8 filter

Bug 2290445 (CVE-2024-20697) - CVE-2024-20697 libarchive: Heap based buffer overflow in rar e8 filter

Summary: CVE-2024-20697 libarchive: Heap based buffer overflow in rar e8 filter

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2024-20697
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	CVE-2024-26256 2290446
Blocks:	2290447
TreeView+	depends on / blocked

Reported:	2024-06-04 20:15 UTC by Marco Benatto
Modified:	2024-06-12 18:01 UTC (History)
CC List:	35 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2024-06-12 17:37:37 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marco Benatto 2024-06-04 20:15:21 UTC

Windows Libarchive Remote Code Execution Vulnerability.

References:
https://github.com/libarchive/libarchive/pull/2135
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697
https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability

Comment 1 Marco Benatto 2024-06-04 20:16:41 UTC

Created libarchive tracking bugs for this issue:

Affects: fedora-all [bug 2290446]

Note You need to log in before you can comment on or make changes to this bug.

agarcial
aoconnor
aprice
asegurap
bdettelb
caswilli
dfreiber
dhalasz
dkuc
drow
fjansen
hkataria
jburrell
jmitchel
jsamir
jsherril
jtanner
kaycoth
kholdawa
kshier
ljavorsk
luizcosta
mpierce
nweather
oezr
orabin
psegedy
stcannon
sthirugn
vkrizan
vkumar
vmugicag
xiaoxwan
yguenane
zzhou