Posted March 6

Amazon Linux 2023: CVE-2024-48957: Important priority package update for libarchive

Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/10/2024
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025

Description

execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. A flaw was found in Libarchive's archive_read_support_format_rar.c component. This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.

Solution(s)

amazon-linux-2023-upgrade-bsdcat
amazon-linux-2023-upgrade-bsdcat-debuginfo
amazon-linux-2023-upgrade-bsdcpio
amazon-linux-2023-upgrade-bsdcpio-debuginfo
amazon-linux-2023-upgrade-bsdtar
amazon-linux-2023-upgrade-bsdtar-debuginfo
amazon-linux-2023-upgrade-bsdunzip
amazon-linux-2023-upgrade-bsdunzip-debuginfo
amazon-linux-2023-upgrade-libarchive
amazon-linux-2023-upgrade-libarchive-debuginfo
amazon-linux-2023-upgrade-libarchive-debugsource
amazon-linux-2023-upgrade-libarchive-devel

References

https://attackerkb.com/topics/cve-2024-48957
CVE-2024-48957
https://alas.aws.amazon.com/AL2023/ALAS-2024-742.html