Use-After-Free Vulnerability in libarchive by The Open Source Community
CVE-2021-36976

6.5 MEDIUM

Key Information:

Vendor: Libarchive

CVE Published: 20 July 2021

What is CVE-2021-36976?

libarchive versions 3.4.1 through 3.5.1 contain a use-after-free in the copy_string function, which is called from do_uncompress_block and process_block. An attacker who exploits this memory mishandling could cause unexpected behavior or crashes in applications that use the affected library versions. Users and developers should review their implementations and apply the necessary updates to mitigate the risk.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
