{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-20696", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2023-11-28T22:58:12.121Z", "datePublished": "2024-01-09T17:56:52.848Z", "dateUpdated": "2024-08-01T21:59:42.317Z"}, "containers": {"cna": {"title": "Windows libarchive Remote Code Execution Vulnerability", "datePublic": "2024-01-09T08:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "Windows 10 Version 1809", "cpes": ["cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5329:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5329:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5329:*:*:*:*:*:arm64:*"], "platforms": ["32-bit Systems", "x64-based Systems", "ARM64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.17763.5329", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2019", "cpes": ["cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5329:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.17763.5329", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2019 (Server Core installation)", "cpes": ["cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5329:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.17763.5329", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2022", "cpes": ["cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2227:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.20348.2227", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 version 21H2", "cpes": ["cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.2713:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.2713:*:*:*:*:*:arm64:*"], "platforms": ["x64-based Systems", "ARM64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.22000.2713", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 21H2", "cpes": ["cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.3930:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.3930:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.3930:*:*:*:*:*:x64:*"], "platforms": ["32-bit Systems", "ARM64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.19044.3930", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 version 22H2", "cpes": ["cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3007:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3007:*:*:*:*:*:x64:*"], "platforms": ["ARM64-based Systems", "x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.22621.3007", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 22H2", "cpes": ["cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.3930:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.3930:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.3930:*:*:*:*:*:x86:*"], "platforms": ["x64-based Systems", "ARM64-based Systems", "32-bit Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.19045.3930", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 version 22H3", "cpes": ["cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3007:*:*:*:*:*:arm64:*"], "platforms": ["ARM64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.22631.3007", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 Version 23H2", "cpes": ["cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3007:*:*:*:*:*:x64:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.22631.3007", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2022, 23H2 Edition (Server Core installation)", "cpes": ["cpe:2.3:o:microsoft:windows_server_23h2:10.0.25398.643:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.25398.643", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Windows libarchive Remote Code Execution Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE", "cweId": "CWE-122"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-07-19T20:15:01.063Z"}, "references": [{"name": "Windows Libarchive Remote Code Execution Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20696"}, {"url": "https://clearbluejar.github.io/posts/patch-tuesday-diffing-cve-2024-20696-windows-libarchive-rce/"}, {"url": "https://github.com/clearbluejar/CVE-2024-20696"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:42.317Z"}, "title": "CVE Program Container", "references": [{"name": "Windows Libarchive Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20696"}, {"url": "https://clearbluejar.github.io/posts/patch-tuesday-diffing-cve-2024-20696-windows-libarchive-rce/", "tags": ["x_transferred"]}, {"url": "https://github.com/clearbluejar/CVE-2024-20696", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB2C6F0A-4519-43AE-A36D-39F968FF3DCD", "versionEndExcluding": "10.0.17763.5329", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "26D9519C-EC1F-48D1-89F5-2DCBF84C8251", "versionEndExcluding": "10.0.19044.3930", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9B6C6A0-6A10-4A8B-9DF2-D00CE5F863BD", "versionEndExcluding": "10.0.19045.3930", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "290AE500-245E-4C97-953C-05D679164894", "versionEndExcluding": "10.0.22000.2713", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "8145E3A1-AA48-49CD-A391-8BA9F3860316", "versionEndExcluding": "10.0.22621.3007", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "04D7A1EA-2E86-4600-A7B8-DAA5ACABE8D0", "versionEndExcluding": "10.0.22631.3007", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "51DCD313-6848-46DD-B4C6-DA2A8F6291CD", "versionEndExcluding": "10.0.17763.5329", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "13224366-AD63-4CAD-85D1-F9599CFE1B14", "versionEndExcluding": "10.0.20348.2227", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B57577F-8313-4AFF-9E30-0C928D87C4AF", "versionEndExcluding": "10.0.25398.643", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Windows Libarchive Remote Code Execution Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Windows Libarchive"}], "id": "CVE-2024-20696", "lastModified": "2024-06-08T13:15:54.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2024-01-09T18:15:52.927", "references": [{"source": "secure@microsoft.com", "url": "https://clearbluejar.github.io/posts/patch-tuesday-diffing-cve-2024-20696-windows-libarchive-rce/"}, {"source": "secure@microsoft.com", "url": "https://github.com/clearbluejar/CVE-2024-20696"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20696"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "secure@microsoft.com", "type": "Secondary"}]}

{"bugzilla": {"description": "libarchive: out-of-bounds access in copy_from_lzss_window_to_unp()", "id": "2290448", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290448"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-190->CWE-122", "details": ["Windows libarchive Remote Code Execution Vulnerability", "A flaw was found in the libarchive library. An out-of-bounds access in the copy_from_lzss_window_to_unp function in the libarchive/archive_read_support_format_rar.c file can be triggered due to an integer overflow when a specially crafted RAR archive is processed, causing a crash to the application linked to the library and resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-20696", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-01-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-20696\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-20696\nhttps://github.com/libarchive/libarchive/pull/2172"], "statement": "The remote code execution is only mentioned in the Windows context without any evidence or PoC. As this issue is an out-of-bounds access only, without impact to integrity or confidentiality, this flaw was rated as causing only a denial of service to the application linked to the libarchive library.\nAdditionally, libarchive as shipped in Red Hat Enterprise Linux 6, 7, 8 and 9, is not affected by this vulnerability because the vulnerable code was introduced in a newer version of libarchive.", "threat_severity": "Moderate"}