A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
Se encontró un fallo en libarchive. En sistemas de 32 bits, existe una vulnerabilidad de desbordamiento de entero en la lógica de asignación de punteros de bloque zisofs. Un atacante remoto puede explotar esto al proporcionar una imagen ISO9660 especialmente diseñada, lo que puede llevar a un desbordamiento de búfer de pila. Esto podría permitir potencialmente la ejecución de código arbitrario en el sistema afectado.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | NONE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-190
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary |
en
CWE-190
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| libarchive | libarchive | - | <built-in method update of dict object at 0x702bdd2d49c0> | Application |
| redhat | hardened_images | - | <built-in method update of dict object at 0x702bcbd3a500> | Application |
| redhat | openshift_container_platform | 4.0 | <built-in method update of dict object at 0x702bdc3734c0> | Application |
| redhat | enterprise_linux | 6.0 | <built-in method update of dict object at 0x702bdd2d7e00> | Operating System |
| redhat | enterprise_linux | 7.0 | <built-in method update of dict object at 0x702bdd2d6280> | Operating System |
| redhat | enterprise_linux | 8.0 | <built-in method update of dict object at 0x702bfc3c7640> | Operating System |
| redhat | enterprise_linux | 9.0 | <built-in method update of dict object at 0x702bcc7603c0> | Operating System |
| redhat | enterprise_linux | 10.0 | <built-in method update of dict object at 0x702bdd2d7680> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:libarchive:libarchive:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:* |