Vulnerabilities > Libarchive > Libarchive > 3.6.0

DATE CVE VULNERABILITY TITLE RISK
2023-05-29 CVE-2023-30571 Race Condition vulnerability in Libarchive
Libarchive through 3.6.2 can cause directories to have world-writable permissions.
local
high complexity
libarchive CWE-362
5.3
5.3
2022-11-22 CVE-2022-36227 NULL Pointer Dereference vulnerability in multiple products
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
network
low complexity
libarchive debian fedoraproject splunk CWE-476
critical
 9.8
9.8
2022-03-28 CVE-2022-26280 Out-of-bounds Read vulnerability in multiple products
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
network
high complexity
libarchive fedoraproject CWE-125
6.5
6.5