CVSSv3: 7.3

CVE-2024-20696

Published: 09/01/2024 Updated: 21/11/2024

Vulnerability Summary

Windows libarchive Remote Code Execution Vulnerability

Vulnerable Product

microsoft windows 10 1809

microsoft windows 10 21h2

microsoft windows 10 22h2

microsoft windows 11 21h2

microsoft windows 11 22h2

microsoft windows 11 23h2

microsoft windows server 2019

microsoft windows server 2022

microsoft windows server 2022 23h2

Vendor Advisories

Debian Bug report logs - #1086155: libarchive: CVE-2024-20696. Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 27 Oct 2024 16:51:01 UTC; Severity: important; Tags: security, upstream; Found in version libarchive/3 ...

Mailing Lists

github.com/libarchive/libarchive/releases/tag/v3.7.5 announces the release on Sept 13 of libarchive 3.7.5 with these identified security fixes:
- fix multiple vulnerabilities identified by SAST (#2251, #2256)
- cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
- lzop: prevent integer overflow (#2174)
- rar4: prote ...

Github Repositories

libarchive-harness-win - CVE-2024-20696
Blog post: clearbluejar.github.io/posts/patch-tuesday-diffing-cve-2024-20696-windows-libarchive-rce/
A simple test harness for CVE-2024-20696.
- Download a version of archiveint.dll that you want to test
- Update the path here
- Update the file path to point to the test archive to process. A sample one: bsdtar-invalid-read.rar