PT-2007-1030 · Libarchive · Bsdtar+1

Colin Percival

Published

2007-07-14

Updated

2024-06-15

CVE-2007-3641

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: libarchive versions prior to 2.2.4 bsdtar (affected versions not specified)

Description: The issue concerns multiple vulnerabilities in the libarchive package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. The vulnerabilities can be triggered by a crafted PAX or TAR archive, potentially leading to a denial of service or the execution of arbitrary code. The exploitation can be performed remotely.

Recommendations: For libarchive versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. For bsdtar, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-02966

BDU:2015-09587

CVE-2007-3641

DSA-1455-1

OPENSUSE-SU-2024:10925-1

Affected Products

Bsdtar

Libarchive

PT-2007-1030 · Libarchive · Bsdtar+1

CVE-2007-3641

Related Identifiers

Affected Products

References · 39