It was discovered that libarchive incorrectly handled symlinks. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly use this issue to change modes, times, ACLs, and flags on arbitrary files. (CVE-2021-23177, CVE-2021-31566)
It was discovered that libarchive incorrectly handled certain RAR archives. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-36976)
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libarchive-dev", "binary_version": "3.4.0-2ubuntu1.1" }, { "binary_name": "libarchive-tools", "binary_version": "3.4.0-2ubuntu1.1" }, { "binary_name": "libarchive-tools-dbgsym", "binary_version": "3.4.0-2ubuntu1.1" }, { "binary_name": "libarchive13", "binary_version": "3.4.0-2ubuntu1.1" }, { "binary_name": "libarchive13-dbgsym", "binary_version": "3.4.0-2ubuntu1.1" } ] }