PT-2025-6764 · Gbdngb12 · Published 2025-02-15 · Updated 2025-11-25 · CVE-2024-57970

CVSS v3.1: 4.0 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: libarchive versions 3.7.7 and earlier
Description: The issue is a heap-based buffer over-read in the header_gnu_longlink function in archive_read_support_format_tar.c, reachable via a crafted TAR archive. It occurs because the software mishandles truncation in the middle of a GNU long linkname.
Recommendations: For versions 3.7.7 and earlier, consider disabling the header_gnu_longlink function in archive_read_support_format_tar.c to prevent exploitation until a patch is available. Restrict access to TAR archives to minimize the risk of exploitation. Avoid using the TAR reader in archive_read_support_format_tar.c with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Buffer Over-read

Related Identifiers

ALSA-2025:7510
BDU:2025-05207
CVE-2024-57970
JLSEC-2025-250
OPENSUSE-SU-2025:14844-1
RHSA-2025:7510

Affected Products

Red Os
Libarchive