Lucene search
Veracode Vulnerability DatabaseVERACODE:21785HistoryOct 29, 2019 - 6:34 a.m.
Arbitrary Code Execution
2019-10-2906:34:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.012 Low
EPSS
Percentile
85.0%
libarchive.so is vulnerable to arbitrary code execution. A use-after-free bug exists in the function archive_read_format_rar_read_data in archive_read_support_format_rar.c as it does not properly handle archive files, allowing an attacker to execute arbtirary code in certain ARCHIVE_FAILED situation by submitting a malicious archive file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libarchive.so | le | 14 | |
| libarchive | eq | 3.3.3-r0 |
References
bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689
github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60
github.com/libarchive/libarchive/compare/v3.3.3...v3.4.0
lists.debian.org/debian-lts-announce/2019/10/msg00034.html
seclists.org/bugtraq/2019/Nov/2
usn.ubuntu.com/4169-1/
www.debian.org/security/2019/dsa-4557
Related
nessus
nessus
Photon OS 3.0: Libarchive PHSA-2019-3.0-0041
2019-12-31 00:00:00
Amazon Linux 2 : libarchive (ALAS-2020-1391)
2020-02-10 00:00:00
CentOS 7 : libarchive (CESA-2020:0203)
2020-01-30 00:00:00
cve
cve
CVE-2019-18408
2019-10-24 14:15:11
amazon
amazon
Important: libarchive
2020-02-05 16:44:00
Important: libarchive
2020-02-17 19:38:00
alpinelinux
alpinelinux
CVE-2019-18408
2019-10-24 14:15:11
openvas
openvas
Debian: Security Advisory (DLA-1971-1)
2019-10-27 00:00:00
Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2020-1080)
2020-01-23 00:00:00
CentOS: Security Advisory for bsdcpio (CESA-2020:0203)
2020-01-29 00:00:00
osv
osv
libarchive - security update
2019-10-26 00:00:00
libarchive - security update
2019-10-31 00:00:00
CVE-2019-18408
2019-10-24 14:15:11
cvelist
cvelist
CVE-2019-18408
2019-10-24 13:37:39
ubuntucve
ubuntucve
CVE-2019-18408
2019-10-24 00:00:00
prion
prion
Design/Logic Flaw
2019-10-24 14:15:00
oraclelinux
oraclelinux
libarchive security update
2020-01-22 00:00:00
libarchive security update
2020-01-29 00:00:00
ubuntu
ubuntu
libarchive vulnerability
2019-10-29 00:00:00
symantec
symantec
libarchive CVE-2019-18408 Arbitrary Code Execution Vulnerability
2019-10-31 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: libarchive-3.3.3-7.fc30
2020-04-01 02:36:21
redhat
redhat
(RHSA-2020:0246) Important: libarchive security update
2020-01-27 20:11:14
(RHSA-2020:0271) Important: libarchive security update
2020-01-29 07:30:42
(RHSA-2020:0203) Important: libarchive security update
2020-01-22 13:07:09
f5
f5
K52144175 : libarchive vulnerability CVE-2019-18408
2019-11-15 00:00:00
debian
debian
[SECURITY] [DSA 4557-1] libarchive security update
2019-10-31 21:49:27
[SECURITY] [DLA 1971-1] libarchive security update
2019-10-26 21:27:40
cloudfoundry
cloudfoundry
USN-4169-1: libarchive vulnerability | Cloud Foundry
2019-11-18 00:00:00
centos
centos
bsdcpio, bsdtar, libarchive security update
2020-01-28 21:28:30
redhatcve
redhatcve
CVE-2019-18408
2019-11-07 20:55:34
nvd
nvd
CVE-2019-18408
2019-10-24 14:15:11
debiancve
debiancve
CVE-2019-18408
2019-10-24 14:15:11
gentoo
gentoo
libarchive: Multiple vulnerabilities
2020-03-15 00:00:00
suse
suse
Security update for libarchive (moderate)
2019-12-03 00:00:00
Security update for libarchive (moderate)
2019-12-04 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-2.0-0189
2019-11-15 00:00:00
Critical Photon OS Security Update - PHSA-2019-0041
2019-11-19 00:00:00
Critical Photon OS Security Update - PHSA-2019-3.0-0041
2019-11-19 00:00:00