CVE-2019-11463

libarchive/libarchive

on github

Published

April 23, 2019

Severity

CVSS v3:

5.5 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.

References

https://github.com/libarchive/libarchive/issues/1165
https://github.com/libarchive/libarchive/commit/ba641f73f3d758d9032b3f0e5597a9c6e593a505
https://access.redhat.com/security/cve/cve-2019-11463

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:libarchive:libarchive::::::::	n/a	3.4.0	*

External Links

NVD - CVE-2019-11463