CVE-2011-1778

Name of the Vulnerable Software and Affected Versions libarchive versions 2.8.3 through 2.8.5 libarchive versions prior to 3.1.2-r1

Description The issue affects the libarchive package, allowing remote attackers to exploit multiple vulnerabilities, potentially leading to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely. A buffer overflow in libarchive through version 2.8.5 enables remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted TAR archive.

Recommendations For libarchive versions 2.8.3 through 2.8.5, update to a version later than 2.8.5 to resolve the issue. For libarchive versions prior to 3.1.2-r1, update to version 3.1.2-r1 or later to fix the vulnerabilities. As a temporary workaround, consider restricting access to libarchive until a patch is available.