CVE-2024-48958

Name
CVE-2024-48958
Description
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
NVD Severity
unknown

References

Type URI
https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5
https://github.com/libarchive/libarchive/pull/2148
cve@mitre.org https://github.com/terrynini/CVE-Reports/tree/main/CVE-2024-48958
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2025/Apr/13
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2025/Apr/11
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2025/Apr/12
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2025/Apr/4
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2025/Apr/8

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a
cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:* libarchive >= 0 < 3.7.5
cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:* libarchive >= 3.6.0 < 3.7.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libarchive edge-main 3.7.5-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libarchive edge-main 3.7.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive edge-main 3.6.1-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive edge-main 3.6.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive edge-main 3.6.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive edge-main 3.5.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive edge-main 3.4.2-r0 None possibly vulnerable
libarchive edge-main 3.4.0-r0 None possibly vulnerable
libarchive edge-main 3.3.2-r1 None possibly vulnerable
libarchive 3.22-main 3.7.5-r0 None fixed
libarchive 3.22-main 3.7.4-r0 None possibly vulnerable
libarchive 3.22-main 3.6.1-r2 None possibly vulnerable
libarchive 3.22-main 3.6.1-r0 None possibly vulnerable
libarchive 3.22-main 3.6.0-r0 None possibly vulnerable
libarchive 3.22-main 3.4.2-r0 None possibly vulnerable
libarchive 3.22-main 3.4.0-r0 None possibly vulnerable
libarchive 3.22-main 3.3.2-r1 None possibly vulnerable
libarchive 3.21-main 3.7.5-r0 None fixed
libarchive 3.21-main 3.7.4-r0 None possibly vulnerable
libarchive 3.21-main 3.6.1-r2 None possibly vulnerable
libarchive 3.21-main 3.6.1-r0 None possibly vulnerable
libarchive 3.21-main 3.6.0-r0 None possibly vulnerable
libarchive 3.21-main 3.4.2-r0 None possibly vulnerable
libarchive 3.21-main 3.4.0-r0 None possibly vulnerable
libarchive 3.21-main 3.3.2-r1 None possibly vulnerable
libarchive 3.20-main 3.7.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive 3.20-main 3.6.1-r2 None possibly vulnerable
libarchive 3.20-main 3.6.1-r0 None possibly vulnerable
libarchive 3.20-main 3.6.0-r0 None possibly vulnerable
libarchive 3.20-main 3.4.2-r0 None possibly vulnerable
libarchive 3.20-main 3.4.0-r0 None possibly vulnerable
libarchive 3.20-main 3.3.2-r1 None possibly vulnerable
libarchive 3.19-main 3.7.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libarchive 3.19-main 3.6.1-r2 None possibly vulnerable
libarchive 3.19-main 3.6.1-r0 None possibly vulnerable
libarchive 3.19-main 3.6.0-r0 None possibly vulnerable
libarchive 3.19-main 3.4.2-r0 None possibly vulnerable
libarchive 3.19-main 3.4.0-r0 None possibly vulnerable
libarchive 3.19-main 3.3.2-r1 None possibly vulnerable