CVE-2024-37407

CVE-2024-37407

Name

CVE-2024-37407

Description

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
	https://github.com/libarchive/libarchive/pull/2145
	https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0
	https://github.com/libarchive/libarchive/releases/tag/v3.7.4

Type

URI

https://github.com/libarchive/libarchive/pull/2145

https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0

https://github.com/libarchive/libarchive/releases/tag/v3.7.4

Match rules

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== n/a
`cpe:2.3:a:libarchive:libarchive::::::::`	libarchive	>= 0	<= 3.7.4
`cpe:2.3:a:libarchive:libarchive::::::::`	libarchive	>= None	< 3.7.4
`cpe:2.3:a:libarchive:libarchive:3.7.3:::::::*`	libarchive	== None	== 3.7.3

CPE URI

Source package

Min version

Max version

n/a

== n/a

cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*

libarchive

>= 0

<= 3.7.4

cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*

libarchive

>= None

< 3.7.4

cpe:2.3:a:libarchive:libarchive:3.7.3:*:*:*:*:*:*:*

libarchive

== None

== 3.7.3

References

Match rules

Vulnerable and fixed packages