PT-2024-1100 · Microsoft+1 · Windows+1

Guy Lederfein

Published

2024-01-09

Updated

2025-03-31

CVE-2024-20697

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Windows libarchive (affected versions not specified)

Description The vulnerability is related to insufficient input validation in the libarchive library of the Windows operating system. It allows remote attackers to execute arbitrary code and affect the system. An attacker could exploit this bug by enticing a user into extracting a crafted RAR archive.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-122

Related Identifiers

BDU:2024-00381

CVE-2024-20697

GHSA-W6XV-37JV-7CJR

OPENSUSE-SU-2024_2083-1

OPENSUSE-SU-2024_3940-1

SUSE-SU-2024:2083-1

SUSE-SU-2024:3940-1

SUSE-SU-2024_3940-1

SUSE-SU-2025:20050-1

SUSE-SU-2025:20087-1

SUSE-SU-2025:20257-1

ZDI-24-1696

Affected Products

Suse

Windows

PT-2024-1100 · Microsoft+1 · Windows+1

CVE-2024-20697

Weakness Enumeration

Related Identifiers

Affected Products

References · 46