2017-09-17
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
Products | Libarchive |
Type | Out-of-bounds Read (CWE-125), Off-by-one Error (CWE-193) |
First patch | https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6 |
Relevant file/s | ./libarchive/archive_read_support_format_rar.c (modified, +5, -1) |
Links |
• https://security.gentoo.org/glsa/201908-11
• https://usn.ubuntu.com/3859-1/
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573
• https://bugs.debian.org/875974
• https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html