PT-2024-1124 · Microsoft+4 · Windows+4

Clearbluejar

Published

2022-07-01

Updated

2026-04-02

CVE-2024-20696

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Windows (affected versions not specified)

Description The vulnerability is related to insufficient input validation in the libarchive library, which may allow remote attackers to execute arbitrary code. A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-122

Related Identifiers

ALSA-2022_5252

ALSA-2023_2532

ALSA-2023_3018

ALT-PU-2024-13156

ALT-PU-2024-13375

BDU:2024-00408

CVE-2024-20696

DLA-3950-1

DSA-5806-1

MGASA-2024-0363

OESA-2024-1715

OPENSUSE-SU-2024:14378-1

OPENSUSE-SU-2024_2083-1

OPENSUSE-SU-2024_2171-1

SUSE-SU-2024:2081-1

SUSE-SU-2024:2082-1

SUSE-SU-2024:2083-1

SUSE-SU-2024:2171-1

SUSE-SU-2024:2171-2

SUSE-SU-2024_2081-1

SUSE-SU-2024_2082-1

SUSE-SU-2024_2083-1

SUSE-SU-2024_2171-1

SUSE-SU-2025:20050-1

SUSE-SU-2025:20257-1

USN-7087-1

USN-8147-1

Affected Products

Alt Linux

Linuxmint

Suse

Ubuntu

Windows

PT-2024-1124 · Microsoft+4 · Windows+4

CVE-2024-20696

Weakness Enumeration

Related Identifiers

Affected Products

References · 84