Medium severity 4.0 · OSV Advisory · Published Feb 16, 2025 · Updated Apr 15, 2026
CVE-2024-57970
Description
libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.
Affected products (22)
v3.0.0a, v3.0.1b, v3.1.900a, … + 1 more
- (no CPE) range: v3.0.0a, v3.0.1b, v3.1.900a, …
- (no CPE) range: <=3.7.7
osv-coords, 20 versions: < 3.7.7-r2 + 19 more
- pkg:apk/chainguard/libarchive (no CPE), range: < 3.7.7-r2
- pkg:apk/chainguard/libarchive-dev (no CPE), range: < 3.7.7-r2
- pkg:apk/chainguard/libarchive-doc (no CPE), range: < 3.7.7-r2
- pkg:apk/chainguard/libarchive-tools (no CPE), range: < 3.7.7-r2
- pkg:apk/wolfi/libarchive (no CPE), range: < 3.7.7-r2
- pkg:apk/wolfi/libarchive-dev (no CPE), range: < 3.7.7-r2
- pkg:apk/wolfi/libarchive-doc (no CPE), range: < 3.7.7-r2
- pkg:apk/wolfi/libarchive-tools (no CPE), range: < 3.7.7-r2
- pkg:deb/ubuntu/libarchive@3.1.2-11ubuntu0.16.04.8+esm1?arch=source&distro=esm-infra/xenial (no CPE), range: >= 0
- pkg:deb/ubuntu/libarchive@3.1.2-7ubuntu2.8+esm3?arch=source&distro=esm-infra-legacy/trusty (no CPE), range: >= 0
- pkg:deb/ubuntu/libarchive@3.2.2-3.1ubuntu0.7+esm1?arch=source&distro=esm-infra/bionic (no CPE), range: >= 0
- pkg:deb/ubuntu/libarchive@3.4.0-2ubuntu1.4?arch=source&distro=focal (no CPE), range: >= 0
- pkg:deb/ubuntu/libarchive@3.6.0-1ubuntu1.3?arch=source&distro=jammy (no CPE), range: >= 0
- pkg:deb/ubuntu/libarchive@3.7.2-2ubuntu0.3?arch=source&distro=noble (no CPE), range: >= 0
- pkg:deb/ubuntu/libarchive@3.7.4-1ubuntu0.1?arch=source&distro=oracular (no CPE), range: >= 0
- pkg:julia/LibArchive_jll?uuid=1e303b3e-d4db-56ce-88c4-91e52606a1a8 (no CPE), range: < 3.7.9+0
- pkg:rpm/almalinux/bsdtar (no CPE), range: < 3.7.7-2.el10_0
- pkg:rpm/almalinux/libarchive (no CPE), range: < 3.7.7-2.el10_0
- pkg:rpm/almalinux/libarchive-devel (no CPE), range: < 3.7.7-2.el10_0
- pkg:rpm/opensuse/libarchive&distro=openSUSE%20Tumbleweed (no CPE), range: < 3.7.7-2.1