Unrated severityNVD Advisory· Published Jul 20, 2021· Updated Nov 3, 2025
CVE-2021-36976
CVE-2021-36976
Description
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14- libarchive/libarchivedescription
- Range: >=3.4.1, <=3.5.1
- osv-coords12 versionspkg:rpm/opensuse/bsdtar&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libarchive&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/libarchive&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/libarchive&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
< 3.6.0-1.1+ 11 more
- (no CPE)range: < 3.6.0-1.1
- (no CPE)range: < 3.4.2-150200.4.3.1
- (no CPE)range: < 3.5.1-150400.3.3.1
- (no CPE)range: < 3.4.2-150200.4.3.1
- (no CPE)range: < 3.4.2-150200.4.3.1
- (no CPE)range: < 3.4.2-150200.4.3.1
- (no CPE)range: < 3.5.1-150400.3.3.1
- (no CPE)range: < 3.4.2-150200.4.3.1
- (no CPE)range: < 3.5.1-150400.3.3.1
- (no CPE)range: < 3.4.2-150200.4.3.1
- (no CPE)range: < 3.4.2-150200.4.3.1
- (no CPE)range: < 3.4.2-150200.4.3.1
Patches
Vulnerability mechanics
References
10- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SE5NJQNM22ZE5Z55LPAGCUHSBQZBKMKC/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202208-26mitrevendor-advisoryx_refsource_GENTOO
- seclists.org/fulldisclosure/2022/Mar/27mitremailing-listx_refsource_FULLDISC
- seclists.org/fulldisclosure/2022/Mar/28mitremailing-listx_refsource_FULLDISC
- seclists.org/fulldisclosure/2022/Mar/29mitremailing-listx_refsource_FULLDISC
- bugs.chromium.org/p/oss-fuzz/issues/detailmitrex_refsource_MISC
- github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yamlmitrex_refsource_MISC
- support.apple.com/kb/HT213182mitrex_refsource_CONFIRM
- support.apple.com/kb/HT213183mitrex_refsource_CONFIRM
- support.apple.com/kb/HT213193mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.