Off-by-One Error in RAR Archive Processing in Libarchive by John Doe
CVE-2017-14502

7.5 HIGH

Key Information:

Vendor: Libarchive

CVE Published: 17 September 2017

What is CVE-2017-14502?

Libarchive version 3.3.2 contains an off-by-one error in the read_header function when handling UTF-16 names in RAR archives. The flaw can result in an out-of-bounds read, potentially exposing sensitive data or causing instability in applications that use the library. Users and developers should apply the recommended updates or patches to mitigate the risks associated with this vulnerability.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
