rpm package
suse/libarchive&distro=SUSE Linux Enterprise Real Time 15 SP2
pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-36976 | — | < 3.4.2-150200.4.3.1 | 3.4.2-150200.4.3.1 | Jul 20, 2021 | libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). | ||
| CVE-2017-5601 | Hig | 7.5 | < 3.4.2-150200.4.3.1 | 3.4.2-150200.4.3.1 | Jan 27, 2017 | An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive. |
- CVE-2021-36976Jul 20, 2021affected < 3.4.2-150200.4.3.1fixed 3.4.2-150200.4.3.1
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
- affected < 3.4.2-150200.4.3.1fixed 3.4.2-150200.4.3.1
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.