Your submission was sent successfully! Close

CVE-2021-36976

Published: 20 July 2021

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

Notes

AuthorNote
mdeslaur
introduced by:
https://github.com/libarchive/libarchive/commit/47bb8187d3ef2d49ee8c7841cb2872b3cfa1f6f7
this was backported by the upstream-rar-window-mask.patch patch
in focal
Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
libarchive
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (3.4.0-2ubuntu1.1)
groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish
Released (3.4.3-2ubuntu0.1)
jammy
Released (3.5.2-1ubuntu1)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
upstream: https://github.com/libarchive/libarchive/pull/1491
upstream: https://github.com/libarchive/libarchive/pull/1492
upstream: https://github.com/libarchive/libarchive/commit/7d3c18ab8a39942cc3b83ab0f0748c1353c2e972
upstream: https://github.com/libarchive/libarchive/commit/b9675888c288fb8b293a69783712bbc2a4573773