CVE-2021-36976
Published: 20 July 2021
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
Notes
| Author | Note |
|---|---|
| mdeslaur | introduced by: https://github.com/libarchive/libarchive/commit/47bb8187d3ef2d49ee8c7841cb2872b3cfa1f6f7 this was backported by the upstream-rar-window-mask.patch patch in focal |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libarchive Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| impish |
Released
(3.4.3-2ubuntu0.1)
|
|
| focal |
Released
(3.4.0-2ubuntu1.1)
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| jammy |
Released
(3.5.2-1ubuntu1)
|
|
|
Patches: upstream: https://github.com/libarchive/libarchive/pull/1491 upstream: https://github.com/libarchive/libarchive/pull/1492 upstream: https://github.com/libarchive/libarchive/commit/7d3c18ab8a39942cc3b83ab0f0748c1353c2e972 upstream: https://github.com/libarchive/libarchive/commit/b9675888c288fb8b293a69783712bbc2a4573773 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |