Unrated severityNVD Advisory· Published Nov 21, 2019· Updated Aug 5, 2024

CVE-2019-19221

Description

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Libarchive/Libarchivedescription
Libarchive/Libarchivellm-fuzzy
Range: =3.4.0
osv-coords5 versions
pkg:rpm/almalinux/libarchive-devel pkg:rpm/opensuse/bsdtar&distro=openSUSE%20Tumbleweed pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 3.3.2-9.el8+ 4 more
- (no CPE)range: < 3.3.2-9.el8
- (no CPE)range: < 3.5.1-1.5
- (no CPE)range: < 3.3.3-32.5.1
- (no CPE)range: < 3.3.3-32.5.1
- (no CPE)range: < 3.3.3-32.5.1

Patches

Vulnerability mechanics

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RHFV25AVTASTWZRF3KTSL357AQ6TYHM4/mitrevendor-advisory
usn.ubuntu.com/4293-1/mitrevendor-advisory
lists.debian.org/debian-lts-announce/2022/04/msg00020.htmlmitremailing-list
lists.debian.org/debian-lts-announce/2022/11/msg00030.htmlmitremailing-list
github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41mitre
github.com/libarchive/libarchive/issues/1276mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000