CVE-2024-37407

Name
CVE-2024-37407
Description
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://github.com/libarchive/libarchive/pull/2145
https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0
https://github.com/libarchive/libarchive/releases/tag/v3.7.4

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a
cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:* libarchive >= 0 <= 3.7.4
cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:* libarchive >= None < 3.7.4
cpe:2.3:a:libarchive:libarchive:3.7.3:*:*:*:*:*:*:* libarchive == None == 3.7.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libarchive edge-main 3.7.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive edge-main 3.6.1-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive edge-main 3.6.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive edge-main 3.6.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive edge-main 3.5.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive edge-main 3.4.2-r0 None possibly vulnerable
libarchive edge-main 3.4.0-r0 None possibly vulnerable
libarchive edge-main 3.3.2-r1 None possibly vulnerable
libarchive 3.22-main 3.7.4-r0 None possibly vulnerable
libarchive 3.22-main 3.6.1-r2 None possibly vulnerable
libarchive 3.22-main 3.6.1-r0 None possibly vulnerable
libarchive 3.22-main 3.6.0-r0 None possibly vulnerable
libarchive 3.22-main 3.4.2-r0 None possibly vulnerable
libarchive 3.22-main 3.4.0-r0 None possibly vulnerable
libarchive 3.22-main 3.3.2-r1 None possibly vulnerable
libarchive 3.21-main 3.7.4-r0 None possibly vulnerable
libarchive 3.21-main 3.6.1-r2 None possibly vulnerable
libarchive 3.21-main 3.6.1-r0 None possibly vulnerable
libarchive 3.21-main 3.6.0-r0 None possibly vulnerable
libarchive 3.21-main 3.4.2-r0 None possibly vulnerable
libarchive 3.21-main 3.4.0-r0 None possibly vulnerable
libarchive 3.21-main 3.3.2-r1 None possibly vulnerable
libarchive 3.20-main 3.7.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive 3.20-main 3.6.1-r2 None possibly vulnerable
libarchive 3.20-main 3.6.1-r0 None possibly vulnerable
libarchive 3.20-main 3.6.0-r0 None possibly vulnerable
libarchive 3.20-main 3.4.2-r0 None possibly vulnerable
libarchive 3.20-main 3.4.0-r0 None possibly vulnerable
libarchive 3.20-main 3.3.2-r1 None possibly vulnerable
libarchive 3.19-main 3.7.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive 3.19-main 3.6.1-r2 None possibly vulnerable
libarchive 3.19-main 3.6.1-r0 None possibly vulnerable
libarchive 3.19-main 3.6.0-r0 None possibly vulnerable
libarchive 3.19-main 3.4.2-r0 None possibly vulnerable
libarchive 3.19-main 3.4.0-r0 None possibly vulnerable
libarchive 3.19-main 3.3.2-r1 None possibly vulnerable
libarchive 3.18-main 3.7.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive 3.17-main 3.7.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable