CVE-2024-57970

libarchive through 3.7.7 has a heap-based buffer over-read in headergnulonglink in archivereadsupportformattar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.

References

Affected packages

Git / github.com/libarchive/libarchive

Affected ranges

Type

GIT

Repo

https://github.com/libarchive/libarchive

Events

Introduced

Last affected

b439d586f53911c84be5e380445a8a259e19114c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.7.7"
        }
    ]
}

Affected versions

v2.*

v2.6.0

v2.6.1

v2.6.2

v2.7.0

v2.7.1

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v3.*

v3.0.0a

v3.0.1b

v3.0.2

v3.0.3

v3.0.4

v3.1.0

v3.1.1

v3.1.2

v3.1.900a

v3.1.901a

v3.2.0

v3.2.1

v3.2.2

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.5.0

v3.5.1

v3.5.2

v3.6.0

v3.6.1

v3.6.2

v3.7.0

v3.7.1

v3.7.2

v3.7.3

v3.7.4

v3.7.5

v3.7.6

v3.7.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57970.json"