Out-of-Bounds Read Vulnerability in the Libarchive Component zipx_lzma_alone_init
CVE-2022-26280

6.5 MEDIUM

Key Information:

Vendor: Libarchive
CVE Published: 28 March 2022

What is CVE-2022-26280?

An out-of-bounds read vulnerability has been identified in Libarchive version 3.6.0, specifically within the zipx_lzma_alone_init component. This flaw can lead to unexpected behavior and potential information leaks, posing a serious risk for applications utilizing this library. It is crucial for users and administrators to address this vulnerability to ensure the integrity and security of their systems. Users should review the affected versions and apply relevant patches or mitigations as advised by security advisories.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
