Kwrobot

**Name of the Vulnerable Software and Affected Versions** libarchive versions prior to 3.2.0 **Description** The issue allows remote attackers to cause a denial of service (crash) via crafted cab files. This is related to "overlapping memcpy" in the archive string append function in archive string.c. **Recommendations** For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted cab files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libarchive versions prior to 3.2.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in an invalid read and crash, via crafted cpio files. **Recommendations** For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libarchive versions prior to 3.2.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash due to a NULL pointer dereference. This can be achieved by including an invalid character in the name of a cab file. **Recommendations** For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libarchive versions prior to 3.2.0 **Description** The issue allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. This is due to a problem in the ae strtofflags function in archive entry.c. **Recommendations** For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libarchive versions prior to 3.2.0 **Description** The issue allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. This is due to a problem in the archive read format tar read header function in archive read support format tar.c. **Recommendations** For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libarchive versions prior to 3.2.0 **Description** The issue is related to the readline function in archive read support format mtree.c, which allows remote attackers to cause a denial of service due to invalid read operations. This is triggered by a crafted mtree file, specifically related to newline parsing. **Recommendations** For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue.