CVE-2020-21674

Name of the Vulnerable Software and Affected Versions libarchive version 3.4.1dev

Description A heap-based buffer overflow issue exists, allowing remote attackers to cause a denial of service via a crafted archive file. This issue affects users who downloaded the development code from GitHub, while users of the product's official releases are unaffected.

Recommendations For libarchive version 3.4.1dev, consider avoiding the use of crafted archive files until a patch is available. As a temporary workaround, restrict the use of the archive string append from wcs() function in archive string.c to minimize the risk of exploitation.