Your submission was sent successfully! Close

CVE-2020-21674

Published: 15 October 2020

Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.

Notes

AuthorNote
ebarretto
this only affects users who downloaded the development code.
Users of the product's official releases are unaffected.
Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
libarchive
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
precise Does not exist

trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)