libarchive: Multiple vulnerabilities (CVE-2019-19221, 2020-9308)ID: oval:org.secpod.oval:def:1801698 | Date: (C)2020-12-22 (M)2023-11-10 |
Class: PATCH | Family: unix |
A vulnerability was found in Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header , leading to a SIGSEGV or possibly unspecified other impact.
Platform: |
Alpine Linux 3.12 |