CVE-2020-21674

Published: 10/15/2020 Last updated: 8/4/2024 Reserved: 8/13/2020

Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-cpio

Products affected (1)

Product	Vendor	Version
n/a	n/a	23.0 ap368604

References (4)

https://github.com/libarchive/libarchive/issues/1298
https://github.com/libarchive/libarchive/commit/4f085eea879e2be745f4d9bf57e8513ae48157f4
https://github.com/libarchive/libarchive/issues/1298
https://github.com/libarchive/libarchive/commit/4f085eea879e2be745f4d9bf57e8513ae48157f4