Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2007-3641 (GCVE-0-2007-3641)
Vulnerability from cvelistv5 – Published: 2007-07-14 00:00 – Updated: 2024-08-07 14:21
VLAI?
EPSS
Summary
archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
Date Public ?
2007-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "freebsd-libarchive-pax-bo(35405)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35405"
},
{
"name": "ADV-2007-2521",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2521"
},
{
"name": "DSA-1455",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1455"
},
{
"name": "FreeBSD-SA-07:05.libarchive",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch"
},
{
"name": "26050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26050"
},
{
"name": "24885",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24885"
},
{
"name": "GLSA-200708-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200708-03.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"
},
{
"name": "38092",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38092"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://people.freebsd.org/~kientzle/libarchive/"
},
{
"name": "26062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26062"
},
{
"name": "26355",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26355"
},
{
"name": "1018379",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018379"
},
{
"name": "28377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28377"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "freebsd-libarchive-pax-bo(35405)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35405"
},
{
"name": "ADV-2007-2521",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2521"
},
{
"name": "DSA-1455",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1455"
},
{
"name": "FreeBSD-SA-07:05.libarchive",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch"
},
{
"name": "26050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26050"
},
{
"name": "24885",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24885"
},
{
"name": "GLSA-200708-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200708-03.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"
},
{
"name": "38092",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38092"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://people.freebsd.org/~kientzle/libarchive/"
},
{
"name": "26062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26062"
},
{
"name": "26355",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26355"
},
{
"name": "1018379",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018379"
},
{
"name": "28377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28377"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2007-3641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "freebsd-libarchive-pax-bo(35405)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35405"
},
{
"name": "ADV-2007-2521",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2521"
},
{
"name": "DSA-1455",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1455"
},
{
"name": "FreeBSD-SA-07:05.libarchive",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc"
},
{
"name": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch",
"refsource": "MISC",
"url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch"
},
{
"name": "26050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26050"
},
{
"name": "24885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24885"
},
{
"name": "GLSA-200708-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200708-03.xml"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"
},
{
"name": "38092",
"refsource": "OSVDB",
"url": "http://osvdb.org/38092"
},
{
"name": "http://people.freebsd.org/~kientzle/libarchive/",
"refsource": "CONFIRM",
"url": "http://people.freebsd.org/~kientzle/libarchive/"
},
{
"name": "26062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26062"
},
{
"name": "26355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26355"
},
{
"name": "1018379",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018379"
},
{
"name": "28377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28377"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2007-3641",
"datePublished": "2007-07-14T00:00:00.000Z",
"dateReserved": "2007-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:21:36.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2007-3641",
"date": "2026-05-24",
"epss": "0.37158",
"percentile": "0.97225"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.2.3\", \"matchCriteriaId\": \"637AE244-745E-4506-90FA-6092C83CC9BD\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.\"}, {\"lang\": \"es\", \"value\": \"El archive_read_support_format_tar.c en el libarchive anterior al 2.2.4 no calcula adecuadamente la longitud de ciertos b\\u00fafers cuando est\\u00e1 procesando cabeceras de la extensi\\u00f3n pax mal formadas, lo que permite a atacantes con la intervenci\\u00f3n del usuario provocar una denegaci\\u00f3n de servicio (ca\\u00edda) y, posiblemente, ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de archivos (1) PAX o (2) TAR que disparen desbordamientos de b\\u00fafer.\"}]",
"id": "CVE-2007-3641",
"lastModified": "2024-11-21T00:33:43.503",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2007-07-14T00:30:00.000",
"references": "[{\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924\", \"source\": \"secteam@freebsd.org\"}, {\"url\": \"http://osvdb.org/38092\", \"source\": \"secteam@freebsd.org\"}, {\"url\": \"http://people.freebsd.org/~kientzle/libarchive/\", \"source\": \"secteam@freebsd.org\"}, {\"url\": \"http://secunia.com/advisories/26050\", \"source\": \"secteam@freebsd.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26062\", \"source\": \"secteam@freebsd.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26355\", \"source\": \"secteam@freebsd.org\"}, {\"url\": \"http://secunia.com/advisories/28377\", \"source\": \"secteam@freebsd.org\"}, {\"url\": \"http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc\", \"source\": \"secteam@freebsd.org\"}, {\"url\": \"http://security.freebsd.org/patches/SA-07:05/libarchive.patch\", \"source\": \"secteam@freebsd.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200708-03.xml\", \"source\": \"secteam@freebsd.org\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1455\", \"source\": \"secteam@freebsd.org\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2007_15_sr.html\", \"source\": \"secteam@freebsd.org\"}, {\"url\": \"http://www.securityfocus.com/bid/24885\", \"source\": \"secteam@freebsd.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1018379\", \"source\": \"secteam@freebsd.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2521\", \"source\": \"secteam@freebsd.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35405\", \"source\": \"secteam@freebsd.org\"}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/38092\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://people.freebsd.org/~kientzle/libarchive/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/26050\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26062\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26355\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28377\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.freebsd.org/patches/SA-07:05/libarchive.patch\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200708-03.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1455\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2007_15_sr.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/24885\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1018379\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2521\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35405\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secteam@freebsd.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2007-3641\",\"sourceIdentifier\":\"secteam@freebsd.org\",\"published\":\"2007-07-14T00:30:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.\"},{\"lang\":\"es\",\"value\":\"El archive_read_support_format_tar.c en el libarchive anterior al 2.2.4 no calcula adecuadamente la longitud de ciertos b\u00fafers cuando est\u00e1 procesando cabeceras de la extensi\u00f3n pax mal formadas, lo que permite a atacantes con la intervenci\u00f3n del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) y, posiblemente, ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de archivos (1) PAX o (2) TAR que disparen desbordamientos de b\u00fafer.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.2.3\",\"matchCriteriaId\":\"637AE244-745E-4506-90FA-6092C83CC9BD\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924\",\"source\":\"secteam@freebsd.org\"},{\"url\":\"http://osvdb.org/38092\",\"source\":\"secteam@freebsd.org\"},{\"url\":\"http://people.freebsd.org/~kientzle/libarchive/\",\"source\":\"secteam@freebsd.org\"},{\"url\":\"http://secunia.com/advisories/26050\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26062\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26355\",\"source\":\"secteam@freebsd.org\"},{\"url\":\"http://secunia.com/advisories/28377\",\"source\":\"secteam@freebsd.org\"},{\"url\":\"http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc\",\"source\":\"secteam@freebsd.org\"},{\"url\":\"http://security.freebsd.org/patches/SA-07:05/libarchive.patch\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200708-03.xml\",\"source\":\"secteam@freebsd.org\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1455\",\"source\":\"secteam@freebsd.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_15_sr.html\",\"source\":\"secteam@freebsd.org\"},{\"url\":\"http://www.securityfocus.com/bid/24885\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1018379\",\"source\":\"secteam@freebsd.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2521\",\"source\":\"secteam@freebsd.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35405\",\"source\":\"secteam@freebsd.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/38092\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://people.freebsd.org/~kientzle/libarchive/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26355\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28377\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.freebsd.org/patches/SA-07:05/libarchive.patch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200708-03.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_15_sr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1018379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2521\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTA-2007-AVI-313
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans la vulnérabilité libarchive permet à un utilisateur distant de provoquer un déni de service ou potentiellement d'exécuter du code arbitraire.
Description
Une vulnérabilité dans la bibliothèque de fonctions libarchive a été
identifiée. Cette bibliothèque est, en particulier, utilisée par la
commande d'archivage tar. Un utilisateur distant malintentionné peut
ainsi provoquer un arrêt de l'application vulnérable ou exécuter du code
arbitraire via une archive de type tar particulière.
NB : un simple listage (tar -t) de l'archive
suffit pour exploiter la vulnérabilité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "libarchive 1.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "libarchive 2.x.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans la biblioth\u00e8que de fonctions libarchive a \u00e9t\u00e9\nidentifi\u00e9e. Cette biblioth\u00e8que est, en particulier, utilis\u00e9e par la\ncommande d\u0027archivage tar. Un utilisateur distant malintentionn\u00e9 peut\nainsi provoquer un arr\u00eat de l\u0027application vuln\u00e9rable ou ex\u00e9cuter du code\narbitraire via une archive de type tar particuli\u00e8re. \n\u003cspan class=\"textbf\"\u003eNB :\u003c/span\u003e un simple listage (tar -t) de l\u0027archive\nsuffit pour exploiter la vuln\u00e9rabilit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-3641",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3641"
},
{
"name": "CVE-2007-3645",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3645"
},
{
"name": "CVE-2007-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3644"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200708-03 du 08 ao\u00fbt 2007 :",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-03.xml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SR:2007:015 du 03 ao\u00fbt 2007 :",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00003.htm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 FreeBSD SA-07:05.libarchive du 12 juillet 2007 :",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-07:05.libarchive.asc"
}
],
"reference": "CERTA-2007-AVI-313",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-07-18T00:00:00.000000"
},
{
"description": "modification des syst\u00e8mes affect\u00e9s, ajout des r\u00e9f\u00e9rences CVE et des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Gentoo et SuSE.",
"revision_date": "2007-08-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans la vuln\u00e9rabilit\u00e9 libarchive permet \u00e0 un\nutilisateur distant de provoquer un d\u00e9ni de service ou potentiellement\nd\u0027ex\u00e9cuter du code arbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans la biblioth\u00e8que libarchive",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FreeBSD du 12 juillet 2007",
"url": null
}
]
}
CERTA-2007-AVI-313
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans la vulnérabilité libarchive permet à un utilisateur distant de provoquer un déni de service ou potentiellement d'exécuter du code arbitraire.
Description
Une vulnérabilité dans la bibliothèque de fonctions libarchive a été
identifiée. Cette bibliothèque est, en particulier, utilisée par la
commande d'archivage tar. Un utilisateur distant malintentionné peut
ainsi provoquer un arrêt de l'application vulnérable ou exécuter du code
arbitraire via une archive de type tar particulière.
NB : un simple listage (tar -t) de l'archive
suffit pour exploiter la vulnérabilité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "libarchive 1.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "libarchive 2.x.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans la biblioth\u00e8que de fonctions libarchive a \u00e9t\u00e9\nidentifi\u00e9e. Cette biblioth\u00e8que est, en particulier, utilis\u00e9e par la\ncommande d\u0027archivage tar. Un utilisateur distant malintentionn\u00e9 peut\nainsi provoquer un arr\u00eat de l\u0027application vuln\u00e9rable ou ex\u00e9cuter du code\narbitraire via une archive de type tar particuli\u00e8re. \n\u003cspan class=\"textbf\"\u003eNB :\u003c/span\u003e un simple listage (tar -t) de l\u0027archive\nsuffit pour exploiter la vuln\u00e9rabilit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-3641",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3641"
},
{
"name": "CVE-2007-3645",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3645"
},
{
"name": "CVE-2007-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3644"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200708-03 du 08 ao\u00fbt 2007 :",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-03.xml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SR:2007:015 du 03 ao\u00fbt 2007 :",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00003.htm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 FreeBSD SA-07:05.libarchive du 12 juillet 2007 :",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-07:05.libarchive.asc"
}
],
"reference": "CERTA-2007-AVI-313",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-07-18T00:00:00.000000"
},
{
"description": "modification des syst\u00e8mes affect\u00e9s, ajout des r\u00e9f\u00e9rences CVE et des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Gentoo et SuSE.",
"revision_date": "2007-08-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans la vuln\u00e9rabilit\u00e9 libarchive permet \u00e0 un\nutilisateur distant de provoquer un d\u00e9ni de service ou potentiellement\nd\u0027ex\u00e9cuter du code arbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans la biblioth\u00e8que libarchive",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FreeBSD du 12 juillet 2007",
"url": null
}
]
}
FKIE_CVE-2007-3641
Vulnerability from fkie_nvd - Published: 2007-07-14 00:30 - Updated: 2026-04-23 00:35
Severity ?
Summary
archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freebsd | libarchive | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*",
"matchCriteriaId": "637AE244-745E-4506-90FA-6092C83CC9BD",
"versionEndIncluding": "2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow."
},
{
"lang": "es",
"value": "El archive_read_support_format_tar.c en el libarchive anterior al 2.2.4 no calcula adecuadamente la longitud de ciertos b\u00fafers cuando est\u00e1 procesando cabeceras de la extensi\u00f3n pax mal formadas, lo que permite a atacantes con la intervenci\u00f3n del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) y, posiblemente, ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de archivos (1) PAX o (2) TAR que disparen desbordamientos de b\u00fafer."
}
],
"id": "CVE-2007-3641",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-07-14T00:30:00.000",
"references": [
{
"source": "secteam@freebsd.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"
},
{
"source": "secteam@freebsd.org",
"url": "http://osvdb.org/38092"
},
{
"source": "secteam@freebsd.org",
"url": "http://people.freebsd.org/~kientzle/libarchive/"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26050"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26062"
},
{
"source": "secteam@freebsd.org",
"url": "http://secunia.com/advisories/26355"
},
{
"source": "secteam@freebsd.org",
"url": "http://secunia.com/advisories/28377"
},
{
"source": "secteam@freebsd.org",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Patch"
],
"url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch"
},
{
"source": "secteam@freebsd.org",
"url": "http://security.gentoo.org/glsa/glsa-200708-03.xml"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.debian.org/security/2008/dsa-1455"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/24885"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.securitytracker.com/id?1018379"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.vupen.com/english/advisories/2007/2521"
},
{
"source": "secteam@freebsd.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://people.freebsd.org/~kientzle/libarchive/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200708-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/24885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35405"
}
],
"sourceIdentifier": "secteam@freebsd.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-72GG-M2HJ-9C97
Vulnerability from github – Published: 2022-05-01 18:15 – Updated: 2025-04-09 03:43
VLAI?
Details
archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.
{
"affected": [],
"aliases": [
"CVE-2007-3641"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2007-07-14T00:30:00Z",
"severity": "HIGH"
},
"details": "archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.",
"id": "GHSA-72gg-m2hj-9c97",
"modified": "2025-04-09T03:43:57Z",
"published": "2022-05-01T18:15:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3641"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35405"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"
},
{
"type": "WEB",
"url": "http://osvdb.org/38092"
},
{
"type": "WEB",
"url": "http://people.freebsd.org/~kientzle/libarchive"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/26050"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/26062"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/26355"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/28377"
},
{
"type": "WEB",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc"
},
{
"type": "WEB",
"url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200708-03.xml"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2008/dsa-1455"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/24885"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1018379"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/2521"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2007-3641
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2007-3641",
"description": "archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.",
"id": "GSD-2007-3641",
"references": [
"https://www.suse.com/security/cve/CVE-2007-3641.html",
"https://www.debian.org/security/2008/dsa-1455"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2007-3641"
],
"details": "archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.",
"id": "GSD-2007-3641",
"modified": "2023-12-13T01:21:41.860471Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2007-3641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "freebsd-libarchive-pax-bo(35405)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35405"
},
{
"name": "ADV-2007-2521",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2521"
},
{
"name": "DSA-1455",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1455"
},
{
"name": "FreeBSD-SA-07:05.libarchive",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc"
},
{
"name": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch",
"refsource": "MISC",
"url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch"
},
{
"name": "26050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26050"
},
{
"name": "24885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24885"
},
{
"name": "GLSA-200708-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200708-03.xml"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"
},
{
"name": "38092",
"refsource": "OSVDB",
"url": "http://osvdb.org/38092"
},
{
"name": "http://people.freebsd.org/~kientzle/libarchive/",
"refsource": "CONFIRM",
"url": "http://people.freebsd.org/~kientzle/libarchive/"
},
{
"name": "26062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26062"
},
{
"name": "26355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26355"
},
{
"name": "1018379",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018379"
},
{
"name": "28377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28377"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2007-3641"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch"
},
{
"name": "http://people.freebsd.org/~kientzle/libarchive/",
"refsource": "CONFIRM",
"tags": [],
"url": "http://people.freebsd.org/~kientzle/libarchive/"
},
{
"name": "FreeBSD-SA-07:05.libarchive",
"refsource": "FREEBSD",
"tags": [],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc"
},
{
"name": "24885",
"refsource": "BID",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/24885"
},
{
"name": "1018379",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id?1018379"
},
{
"name": "26050",
"refsource": "SECUNIA",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26050"
},
{
"name": "26062",
"refsource": "SECUNIA",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26062"
},
{
"name": "GLSA-200708-03",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-200708-03.xml"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"tags": [],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "26355",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/26355"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924",
"refsource": "CONFIRM",
"tags": [],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"
},
{
"name": "DSA-1455",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2008/dsa-1455"
},
{
"name": "28377",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/28377"
},
{
"name": "ADV-2007-2521",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/2521"
},
{
"name": "38092",
"refsource": "OSVDB",
"tags": [],
"url": "http://osvdb.org/38092"
},
{
"name": "freebsd-libarchive-pax-bo(35405)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35405"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-07-29T01:32Z",
"publishedDate": "2007-07-14T00:30Z"
}
}
}
OPENSUSE-SU-2024:10925-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
bsdtar-3.5.1-1.5 on GA media
Severity
Moderate
Notes
Title of the patch: bsdtar-3.5.1-1.5 on GA media
Description of the patch: These are all security issues fixed in the bsdtar-3.5.1-1.5 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10925
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.1 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.4 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
37 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "bsdtar-3.5.1-1.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the bsdtar-3.5.1-1.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10925",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10925-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-5680 page",
"url": "https://www.suse.com/security/cve/CVE-2006-5680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3641 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3641/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14166 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14501 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000877 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000878 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000879 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000880 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1000019 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1000019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1000020 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1000020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18408 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19221 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19221/"
}
],
"title": "bsdtar-3.5.1-1.5 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10925-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-1.5.aarch64",
"product": {
"name": "bsdtar-3.5.1-1.5.aarch64",
"product_id": "bsdtar-3.5.1-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-1.5.aarch64",
"product": {
"name": "libarchive-devel-3.5.1-1.5.aarch64",
"product_id": "libarchive-devel-3.5.1-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-1.5.aarch64",
"product": {
"name": "libarchive13-3.5.1-1.5.aarch64",
"product_id": "libarchive13-3.5.1-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.5.1-1.5.aarch64",
"product": {
"name": "libarchive13-32bit-3.5.1-1.5.aarch64",
"product_id": "libarchive13-32bit-3.5.1-1.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-1.5.ppc64le",
"product": {
"name": "bsdtar-3.5.1-1.5.ppc64le",
"product_id": "bsdtar-3.5.1-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-1.5.ppc64le",
"product": {
"name": "libarchive-devel-3.5.1-1.5.ppc64le",
"product_id": "libarchive-devel-3.5.1-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-1.5.ppc64le",
"product": {
"name": "libarchive13-3.5.1-1.5.ppc64le",
"product_id": "libarchive13-3.5.1-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.5.1-1.5.ppc64le",
"product": {
"name": "libarchive13-32bit-3.5.1-1.5.ppc64le",
"product_id": "libarchive13-32bit-3.5.1-1.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-1.5.s390x",
"product": {
"name": "bsdtar-3.5.1-1.5.s390x",
"product_id": "bsdtar-3.5.1-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-1.5.s390x",
"product": {
"name": "libarchive-devel-3.5.1-1.5.s390x",
"product_id": "libarchive-devel-3.5.1-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-1.5.s390x",
"product": {
"name": "libarchive13-3.5.1-1.5.s390x",
"product_id": "libarchive13-3.5.1-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.5.1-1.5.s390x",
"product": {
"name": "libarchive13-32bit-3.5.1-1.5.s390x",
"product_id": "libarchive13-32bit-3.5.1-1.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-1.5.x86_64",
"product": {
"name": "bsdtar-3.5.1-1.5.x86_64",
"product_id": "bsdtar-3.5.1-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-1.5.x86_64",
"product": {
"name": "libarchive-devel-3.5.1-1.5.x86_64",
"product_id": "libarchive-devel-3.5.1-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-1.5.x86_64",
"product": {
"name": "libarchive13-3.5.1-1.5.x86_64",
"product_id": "libarchive13-3.5.1-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.5.1-1.5.x86_64",
"product": {
"name": "libarchive13-32bit-3.5.1-1.5.x86_64",
"product_id": "libarchive13-32bit-3.5.1-1.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64"
},
"product_reference": "bsdtar-3.5.1-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le"
},
"product_reference": "bsdtar-3.5.1-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x"
},
"product_reference": "bsdtar-3.5.1-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.5.1-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64"
},
"product_reference": "bsdtar-3.5.1-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64"
},
"product_reference": "libarchive-devel-3.5.1-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le"
},
"product_reference": "libarchive-devel-3.5.1-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x"
},
"product_reference": "libarchive-devel-3.5.1-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.5.1-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64"
},
"product_reference": "libarchive-devel-3.5.1-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64"
},
"product_reference": "libarchive13-3.5.1-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le"
},
"product_reference": "libarchive13-3.5.1-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x"
},
"product_reference": "libarchive13-3.5.1-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64"
},
"product_reference": "libarchive13-3.5.1-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.5.1-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64"
},
"product_reference": "libarchive13-32bit-3.5.1-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.5.1-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le"
},
"product_reference": "libarchive13-32bit-3.5.1-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.5.1-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x"
},
"product_reference": "libarchive13-32bit-3.5.1-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.5.1-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
},
"product_reference": "libarchive13-32bit-3.5.1-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-5680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-5680"
}
],
"notes": [
{
"category": "general",
"text": "The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-5680",
"url": "https://www.suse.com/security/cve/CVE-2006-5680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2006-5680"
},
{
"cve": "CVE-2007-3641",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3641"
}
],
"notes": [
{
"category": "general",
"text": "archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3641",
"url": "https://www.suse.com/security/cve/CVE-2007-3641"
},
{
"category": "external",
"summary": "SUSE Bug 291358 for CVE-2007-3641",
"url": "https://bugzilla.suse.com/291358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-3641"
},
{
"cve": "CVE-2017-14166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14166"
}
],
"notes": [
{
"category": "general",
"text": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14166",
"url": "https://www.suse.com/security/cve/CVE-2017-14166"
},
{
"category": "external",
"summary": "SUSE Bug 1057514 for CVE-2017-14166",
"url": "https://bugzilla.suse.com/1057514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14166"
},
{
"cve": "CVE-2017-14501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14501"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14501",
"url": "https://www.suse.com/security/cve/CVE-2017-14501"
},
{
"category": "external",
"summary": "SUSE Bug 1059139 for CVE-2017-14501",
"url": "https://bugzilla.suse.com/1059139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-14501"
},
{
"cve": "CVE-2018-1000877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000877"
}
],
"notes": [
{
"category": "general",
"text": "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar-\u003elzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000877",
"url": "https://www.suse.com/security/cve/CVE-2018-1000877"
},
{
"category": "external",
"summary": "SUSE Bug 1120653 for CVE-2018-1000877",
"url": "https://bugzilla.suse.com/1120653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000877"
},
{
"cve": "CVE-2018-1000878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000878"
}
],
"notes": [
{
"category": "general",
"text": "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000878",
"url": "https://www.suse.com/security/cve/CVE-2018-1000878"
},
{
"category": "external",
"summary": "SUSE Bug 1120654 for CVE-2018-1000878",
"url": "https://bugzilla.suse.com/1120654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000878"
},
{
"cve": "CVE-2018-1000879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000879"
}
],
"notes": [
{
"category": "general",
"text": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000879",
"url": "https://www.suse.com/security/cve/CVE-2018-1000879"
},
{
"category": "external",
"summary": "SUSE Bug 1120656 for CVE-2018-1000879",
"url": "https://bugzilla.suse.com/1120656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-1000879"
},
{
"cve": "CVE-2018-1000880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000880"
}
],
"notes": [
{
"category": "general",
"text": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000880",
"url": "https://www.suse.com/security/cve/CVE-2018-1000880"
},
{
"category": "external",
"summary": "SUSE Bug 1120659 for CVE-2018-1000880",
"url": "https://bugzilla.suse.com/1120659"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000880"
},
{
"cve": "CVE-2019-1000019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1000019"
}
],
"notes": [
{
"category": "general",
"text": "libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1000019",
"url": "https://www.suse.com/security/cve/CVE-2019-1000019"
},
{
"category": "external",
"summary": "SUSE Bug 1124341 for CVE-2019-1000019",
"url": "https://bugzilla.suse.com/1124341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-1000019"
},
{
"cve": "CVE-2019-1000020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1000020"
}
],
"notes": [
{
"category": "general",
"text": "libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1000020",
"url": "https://www.suse.com/security/cve/CVE-2019-1000020"
},
{
"category": "external",
"summary": "SUSE Bug 1124342 for CVE-2019-1000020",
"url": "https://bugzilla.suse.com/1124342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-1000020"
},
{
"cve": "CVE-2019-18408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18408"
}
],
"notes": [
{
"category": "general",
"text": "archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18408",
"url": "https://www.suse.com/security/cve/CVE-2019-18408"
},
{
"category": "external",
"summary": "SUSE Bug 1155079 for CVE-2019-18408",
"url": "https://bugzilla.suse.com/1155079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-18408"
},
{
"cve": "CVE-2019-19221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19221"
}
],
"notes": [
{
"category": "general",
"text": "In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19221",
"url": "https://www.suse.com/security/cve/CVE-2019-19221"
},
{
"category": "external",
"summary": "SUSE Bug 1157569 for CVE-2019-19221",
"url": "https://bugzilla.suse.com/1157569"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:bsdtar-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-3.5.1-1.5.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.5.1-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-19221"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…