CVSSv3: 7.8

CVE-2024-26256

Published: 09/04/2024 Updated: 12/06/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

libarchive Remote Code Execution Vulnerability

Vendor Advisories

Debian Bug report logs - #1072107 libarchive: CVE-2024-26256 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 28 May 2024 17:18:01 UTC Severity: grave Tags: security, upstream Found in versions libarchive/37 ...
Check Point Reference: CPAI-2024-0171 Date Published: 9 Apr 2024 Severity: High ...

Mailing Lists

github.com/libarchive/libarchive/releases/tag/v3.7.4 announces the release on April 26 of libarchive 3.7.4 with 2 security fixes: - rar: Fix OOB in rar e8 filter (#2135) (CVE-2024-26256) github.com/libarchive/libarchive/pull/2135 doesn't give details, but a detailed writeup from Trend Micro / ZDI has been posted at: w ...
On 2024-06-04, Alan Coopersmith wrote: The e8 thing is kinda interesting, but I think the ZDI description didn't give enough background. Here is my attempt: - A long time ago, WinRAR included a bytecode interpreting VM called RarVM. In theory, users could preprocess the data they're compressing to make it more compressible, and ...

Recent Articles

Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs
BleepingComputer • Lawrence Abrams • 09 Apr 2024

Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs. Only three critical vulnerabilities were fixed as part of today's Patch Tuesday, but there are over sixty-seven remote code execution bugs. More than half of th...