PT-2017-16606 · Libarchive+2 · Libarchive+2

Published

2017-01-27

Updated

2024-06-15

CVE-2017-5601

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libarchive version 3.2.2

Description The issue is related to an error in the lha read file header 1() function, which can be exploited by remote attackers to trigger an out-of-bounds read memory access. This can be achieved by using a specially crafted archive, potentially leading to a crash.

Recommendations For libarchive version 3.2.2, consider applying a patch or fix that addresses the error in the lha read file header 1() function to prevent out-of-bounds read memory access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2017-5601

DLA-1600-1

DLA-810-1

MGASA-2017-0056

OPENSUSE-SU-2022:0944-1

OPENSUSE-SU-2022_0944-1

OPENSUSE-SU-2022_1930-1

OPENSUSE-SU-2024:13549-1

SUSE-SU-2022:0944-1

SUSE-SU-2022:0944-2

SUSE-SU-2022:1930-1

SUSE-SU-2022_0944-1

SUSE-SU-2022_0944-2

SUSE-SU-2022_1930-1

USN-3225-1

Affected Products

Suse

Ubuntu

Libarchive

PT-2017-16606 · Libarchive+2 · Libarchive+2

CVE-2017-5601

Weakness Enumeration

Related Identifiers

Affected Products

References · 44