3.1.901a

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-29	CVE-2023-30571	Race Condition vulnerability in Libarchive Libarchive through 3.6.2 can cause directories to have world-writable permissions. local high complexity libarchive CWE-362	5.3
2022-11-22	CVE-2022-36227	NULL Pointer Dereference vulnerability in multiple products In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. network low complexity libarchive debian fedoraproject splunk CWE-476 critical	9.8
2022-08-23	CVE-2021-23177	Link Following vulnerability in multiple products An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. local low complexity libarchive fedoraproject redhat debian CWE-59	7.8
2022-08-23	CVE-2021-31566	Link Following vulnerability in multiple products An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. local low complexity libarchive fedoraproject redhat debian splunk CWE-59	7.8
2019-10-24	CVE-2019-18408	Use After Free vulnerability in multiple products archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. network low complexity libarchive debian canonical CWE-416	7.5
2019-04-23	CVE-2019-11463	Memory Leak vulnerability in Libarchive A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. network libarchive CWE-401	4.3
2019-02-04	CVE-2019-1000020	Infinite Loop vulnerability in multiple products libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. network low complexity libarchive canonical debian redhat opensuse fedoraproject CWE-835	6.5
2019-02-04	CVE-2019-1000019	Out-of-bounds Read vulnerability in multiple products libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). network low complexity libarchive debian canonical redhat opensuse fedoraproject CWE-125	6.5
2018-12-20	CVE-2018-1000878	Use After Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. network low complexity libarchive debian canonical redhat opensuse fedoraproject CWE-416	8.8
2018-12-20	CVE-2018-1000877	Double Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. network low complexity libarchive debian canonical redhat fedoraproject CWE-415	8.8