archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.

References:
https://github.com/libarchive/libarchive/pull/1326
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459

Upstream commit:
https://github.com/libarchive/libarchive/pull/1326/commits/94821008d6eea81e315c5881cdf739202961040a
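The malformed-header condition described above (a RAR5 header size of zero) can be screened for before a file is handed to an affected libarchive. The following C code is an added example, not libarchive's code or its upstream fix; it checks only the framing of the first block header, and the function names, status codes and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RAR 5.0 signature: "Rar!" 0x1A 0x07 0x01 0x00 */
static const uint8_t RAR5_SIG[8] = {0x52,0x61,0x72,0x21,0x1A,0x07,0x01,0x00};

enum hdr_status { HDR_OK, HDR_NOT_RAR5, HDR_TRUNCATED, HDR_BAD_VINT,
                  HDR_ZERO_SIZE, HDR_SIZE_OVERRUN };

/* RAR5 vint: 7 data bits per byte, low group first, high bit = "more".
 * Returns bytes consumed, or 0 if truncated or unterminated. */
static size_t read_vint(const uint8_t *p, size_t avail, uint64_t *out)
{
    uint64_t v = 0;
    for (size_t i = 0; i < avail && i < 10; i++) {
        v |= (uint64_t)(p[i] & 0x7F) << (7 * i);
        if (!(p[i] & 0x80)) { *out = v; return i + 1; }
    }
    return 0;
}

/* Validate framing of the first block: signature, CRC32, header-size vint. */
static enum hdr_status check_first_header(const uint8_t *buf, size_t len)
{
    size_t off = sizeof RAR5_SIG, n;
    uint64_t hdr_size;

    if (len < off || memcmp(buf, RAR5_SIG, off) != 0) return HDR_NOT_RAR5;
    if (len - off < 4) return HDR_TRUNCATED;      /* CRC32 field missing */
    off += 4;                                     /* CRC is not verified here */
    if ((n = read_vint(buf + off, len - off, &hdr_size)) == 0) return HDR_BAD_VINT;
    off += n;
    if (hdr_size == 0) return HDR_ZERO_SIZE;      /* the case named in the CVE text */
    if (hdr_size > len - off) return HDR_SIZE_OVERRUN; /* claims more than present */
    return HDR_OK;
}

/* Constructed samples, not real archives: signature, zeroed CRC, size vint, body. */
static const uint8_t SAMPLE_ZERO[] = {0x52,0x61,0x72,0x21,0x1A,0x07,0x01,0x00, 0,0,0,0, 0x00};
static const uint8_t SAMPLE_OK[]   = {0x52,0x61,0x72,0x21,0x1A,0x07,0x01,0x00, 0,0,0,0, 0x03, 0x01,0x00,0x00};

int main(void)
{
    printf("zero-size sample: %d\n", check_first_header(SAMPLE_ZERO, sizeof SAMPLE_ZERO));
    printf("well-framed sample: %d\n", check_first_header(SAMPLE_OK, sizeof SAMPLE_OK));
    return 0;
}
```

A result other than HDR_OK is a reason to quarantine the file rather than pass it to the extractor; HDR_OK says nothing about later headers or the CRC.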
Created libarchive tracking bugs for this issue:
Affects: fedora-all [bug 1805967]

Created libarchive3 tracking bugs for this issue:
Affects: epel-6 [bug 1805968]
Support for RAR5 was introduced in libarchive 3.4.0 (see https://github.com/libarchive/libarchive/wiki/ReleaseNotes#libarchive-340).
Statement: This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they did not include support for RAR 5 archives.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-9308