5.5

CVE-2019-19221

Exploit
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibarchiveLibarchive Version3.4.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
FedoraprojectFedora Version32
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.66% 0.467
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41
Patch
Third Party Advisory
https://github.com/libarchive/libarchive/issues/1276
Third Party Advisory
Exploit
Issue Tracking
https://lists.debian.org/debian-lts-announce/2022/04/msg00020.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RHFV25AVTASTWZRF3KTSL357AQ6TYHM4/
https://usn.ubuntu.com/4293-1/
Patch
Third Party Advisory