Bug 2290445 (CVE-2024-20697) - CVE-2024-20697 libarchive: Heap based buffer overflow in rar e8 filter
Summary: CVE-2024-20697 libarchive: Heap based buffer overflow in rar e8 filter
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2024-20697
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: CVE-2024-26256 2290446
Blocks: 2290447
TreeView+ depends on / blocked
 
Reported: 2024-06-04 20:15 UTC by Marco Benatto
Modified: 2024-06-12 18:01 UTC (History)
35 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the libarchive library. A heap-based buffer overflow in the execute_filter_e8 function in the libarchive/archive_read_support_format_rar.c file can be triggered when a specially crafted RAR archive is processed, causing a crash to the application linked to the library and resulting in a denial of service.
Clone Of:
Environment:
Last Closed: 2024-06-12 17:37:37 UTC
Embargoed:


Attachments (Terms of Use)

Comment 1 Marco Benatto 2024-06-04 20:16:41 UTC
Created libarchive tracking bugs for this issue:

Affects: fedora-all [bug 2290446]


Note You need to log in before you can comment on or make changes to this bug.