Security News > 2019 > November > Linux users warned to update libarchive to beat flaw

Linux users warned to update libarchive to beat flaw
2019-11-07 13:16

The bug is identified as CVE-2019-18408, a high-priority ‘use-after-free’ bug when dealing with a failed archive.


News URL

https://nakedsecurity.sophos.com/2019/11/07/linux-users-warned-to-update-libarchive-to-beat-flaw/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-10-24 CVE-2019-18408 Use After Free vulnerability in multiple products
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
network
low complexity
libarchive debian canonical CWE-416
7.5
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2337 1502 67 3970
Libarchive 1 0 33 25 2 60