CVE-2024-37407

Public on 2024-06-08
Modified on 2024-06-11
Description
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.
Severity
Medium severity
Medium
CVSS v3 Base Score
6.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 cmake3 No Fix Planned
Amazon Linux 2 - Core cmake3 Not Affected
Amazon Linux 2 - Rust1 Extra cmake3 Not Affected
Amazon Linux 1 libarchive No Fix Planned
Amazon Linux 2 - Core libarchive Not Affected
Amazon Linux 2023 libarchive Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
NVD CVSSv3 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References

Red Hat: CVE-2024-37407 Mitre: CVE-2024-37407