Vulnerabilities > CVE-2019-11463 - Memory Leak vulnerability in Libarchive

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

libarchive

CWE-401

NVD

Published: 2019-04-23

Updated: 2020-12-08

Summary

A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.

Vulnerable Configurations

Part	Description	Count
Application	Libarchive Libarchive Libarchive - Libarchive Libarchive 2.6.0 Libarchive Libarchive 2.6.1 Libarchive Libarchive 2.6.2 Libarchive Libarchive 2.7.0 Libarchive Libarchive 2.7.1 Libarchive Libarchive 2.8.0 Libarchive Libarchive 2.8.1 Libarchive Libarchive 2.8.2 Libarchive Libarchive 2.8.3 Libarchive Libarchive 2.8.4 Libarchive Libarchive 2.8.5 Libarchive Libarchive 3.0.0A Libarchive Libarchive 3.0.1B Libarchive Libarchive 3.0.2 Libarchive Libarchive 3.0.3 Libarchive Libarchive 3.0.4 Libarchive Libarchive 3.1.0 Libarchive Libarchive 3.1.1 Libarchive Libarchive 3.1.2 Libarchive Libarchive 3.1.900A Libarchive Libarchive 3.1.901A Libarchive Libarchive 3.2.0 Libarchive Libarchive 3.2.1 Libarchive Libarchive 3.2.2 Libarchive Libarchive 3.3.0 Libarchive Libarchive 3.3.1 Libarchive Libarchive 3.3.2 Libarchive Libarchive 3.3.3	30

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References