ROSA LABROSA-SA-2023-2205Advisory ROSA-SA-2023-2205
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.005 Low
EPSS
Percentile
76.2%
Software: libarchive 3.3.3
OS: ROSA Virtualization 2.1
package_evr_string: libarchive-3.3.3.3-5.rv3.src.rpm
CVE-ID: CVE-2021-23177
BDU-ID: 2022-01463
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libarchive archiving library is related to symbolic link tracking. Exploitation of the vulnerability could allow an attacker to escalate their privileges by helping the attacker open a specially crafted archive.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libarchive command.
CVE-ID: CVE-2021-31566
BDU-ID: 2022-01464
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libarchive archiving library is related to symbolic link tracking. Exploitation of the vulnerability could allow an attacker to escalate their privileges by creating a specially formed link to a malicious file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libarchive command
CVE-ID: CVE-2022-36227
BDU-ID: 2022-07496
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the calloc() function of the libarchive archiving library is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update libarchive command.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ROSA | any | noarch | libarchive | < 3.3.3 | UNKNOWN |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.005 Low
EPSS
Percentile
76.2%