5.5
CVE-2019-11463
- EPSS 1.3%
- Veröffentlicht 23.04.2019 03:29:00
- Zuletzt bearbeitet 21.11.2024 04:21:07
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libarchive ≫ Libarchive Version < 3.4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.3% | 0.667 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://github.com/libarchive/libarchive/commit/ba641f73f3d758d9032b3f0e5597a9c6e593a505
https://github.com/libarchive/libarchive/issues/1165
https://access.redhat.com/security/cve/cve-2019-11463