Vulnerabilities > Libarchive > Libarchive > 3.5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-29 | CVE-2023-30571 | Race Condition vulnerability in Libarchive Libarchive through 3.6.2 can cause directories to have world-writable permissions. | 5.3 |
2022-11-22 | CVE-2022-36227 | NULL Pointer Dereference vulnerability in multiple products In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. | 9.8 |
2022-08-23 | CVE-2021-23177 | Link Following vulnerability in multiple products An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. | 7.8 |
2022-08-23 | CVE-2021-31566 | Link Following vulnerability in multiple products An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. | 7.8 |
2021-07-20 | CVE-2021-36976 | Use After Free vulnerability in multiple products libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). | 6.5 |