PT-2022-2115 · Unknown+9 · Libarchive+9

Icycityone · Published 2022-02-25 · Updated 2024-11-11 · CVE-2022-26280

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions

libarchive version 3.6.0

Description

The issue is related to an out-of-bounds read via the zipx_lzma_alone_init() function in the libarchive library. This can allow a remote attacker to disclose protected information or cause a denial of service. The vulnerability is associated with a buffer read beyond boundaries in memory.

Recommendations

For libarchive version 3.6.0, consider updating to a newer version that includes fixes for the out-of-bounds read issues, such as fixes for the 7zip reader, ZIP reader, ISO reader, and RARv4 reader. As a temporary workaround, consider restricting the use of the zipx_lzma_alone_init() function until a patch is available.

Exploit

Fix

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

ALSA-2022:5252
ALT-PU-2022-2939
ALT-PU-2022-2940
ALT-PU-2022-2973
ALT-PU-2022-3332
AZL-9210
BDU:2022-01973
CVE-2022-26280
DLA-3950-1
MGASA-2022-0142
OESA-2022-1742
OPENSUSE-SU-2022_1803-1
OPENSUSE-SU-2022_1930-1
OPENSUSE-SU-2024:13549-1
RHSA-2022:5252
RHSA-2022_5252
RLSA-2022:5252
SUSE-SU-2022:1803-1
SUSE-SU-2022:1930-1
SUSE-SU-2022_1803-1
USN-5374-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libarchive