ID CVE-2020-9308
Summary archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
References
Vulnerable Configurations
  • cpe:2.3:a:libarchive:libarchive:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 01-01-2022 - 19:39)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
fedora
  • FEDORA-2020-94211d0a7d
  • FEDORA-2020-d8278fe24d
gentoo GLSA-202003-28
misc
ubuntu USN-4293-1
Last major update 01-01-2022 - 19:39
Published 20-02-2020 - 07:15
Last modified 01-01-2022 - 19:39