CVE-2024-26256 - OpenCVE

Libarchive Remote Code Execution Vulnerability

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Microsoft	Windows 11 22h2 Windows 11 23h2 Windows Server 23h2

No data.

No data.

References

Link	Providers
https://github.com/advisories/GHSA-2jc9-36w4-pmqw
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256
https://nvd.nist.gov/vuln/detail/CVE-2024-26256
https://www.cve.org/CVERecord?id=CVE-2024-26256
https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability

History

Wed, 09 Oct 2024 03:15:00 +0000

Type	Values Removed	Values Added
References	http://www.openwall.com/lists/oss-security/2024/06/04/2 http://www.openwall.com/lists/oss-security/2024/06/05/1 https://github.com/LeSuisse/nixpkgs/commit/81b82a2934521dffef76f7ca305d8d4e22fe7262 https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch https://github.com/libarchive/libarchive/releases/tag/v3.7.4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWANFZ6NEMXFCALXWI2AFKYBOLONAVFC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TWAMR5TY47UKVYMWQXB34CWSBNTRYMBV/ https://www.openwall.com/lists/oss-security/2024/06/04/2
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2024-04-09T17:00:12.125Z

Updated: 2024-10-09T01:40:48.104Z

Reserved: 2024-02-15T00:57:49.363Z

Link: CVE-2024-26256

Vulnrichment

Updated: 2024-08-02T00:07:17.883Z

NVD

Status : Awaiting Analysis

Published: 2024-04-09T17:15:47.507

Modified: 2024-10-09T02:15:27.847

Link: CVE-2024-26256

Redhat

Severity : Moderate

Publid Date: 2024-04-09T00:00:00Z

Links: CVE-2024-26256 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-26256", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2024-02-15T00:57:49.363Z", "datePublished": "2024-04-09T17:00:12.125Z", "dateUpdated": "2024-10-09T01:40:48.104Z"}, "containers": {"cna": {"title": "Libarchive Remote Code Execution Vulnerability", "datePublic": "2024-04-09T07:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "Windows 11 version 22H2", "cpes": ["cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3447:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3447:*:*:*:*:*:x64:*"], "platforms": ["ARM64-based Systems", "x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.22621.3447", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 version 22H3", "cpes": ["cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3447:*:*:*:*:*:arm64:*"], "platforms": ["ARM64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.22631.3447", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 Version 23H2", "cpes": ["cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3447:*:*:*:*:*:x64:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.22631.3447", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2022, 23H2 Edition (Server Core installation)", "cpes": ["cpe:2.3:o:microsoft:windows_server_23h2:10.0.25398.830:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.25398.830", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Libarchive Remote Code Execution Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE", "cweId": "CWE-122"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-10-09T01:40:48.104Z"}, "references": [{"name": "Libarchive Remote Code Execution Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26256", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-10T19:37:11.040361Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:38.915Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:17.883Z"}, "title": "CVE Program Container", "references": [{"name": "libarchive Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256"}, {"url": "https://www.openwall.com/lists/oss-security/2024/06/04/2", "tags": ["x_transferred"]}, {"url": "https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch", "tags": ["x_transferred"]}, {"url": "https://github.com/LeSuisse/nixpkgs/commit/81b82a2934521dffef76f7ca305d8d4e22fe7262", "tags": ["x_transferred"]}, {"url": "https://github.com/libarchive/libarchive/releases/tag/v3.7.4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/05/1", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWANFZ6NEMXFCALXWI2AFKYBOLONAVFC/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/04/2", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TWAMR5TY47UKVYMWQXB34CWSBNTRYMBV/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256", "name": "libarchive Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2024/06/04/2", "tags": ["x_transferred"]}, {"url": "https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch", "tags": ["x_transferred"]}, {"url": "https://github.com/LeSuisse/nixpkgs/commit/81b82a2934521dffef76f7ca305d8d4e22fe7262", "tags": ["x_transferred"]}, {"url": "https://github.com/libarchive/libarchive/releases/tag/v3.7.4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/05/1", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWANFZ6NEMXFCALXWI2AFKYBOLONAVFC/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/04/2", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TWAMR5TY47UKVYMWQXB34CWSBNTRYMBV/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:17.883Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26256", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-10T19:37:11.040361Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:43.403Z"}}], "cna": {"title": "Libarchive Remote Code Execution Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3447:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3447:*:*:*:*:*:x64:*"], "vendor": "Microsoft", "product": "Windows 11 version 22H2", "versions": [{"status": "affected", "version": "10.0.0", "lessThan": "10.0.22621.3447", "versionType": "custom"}], "platforms": ["ARM64-based Systems", "x64-based Systems"]}, {"cpes": ["cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3447:*:*:*:*:*:arm64:*"], "vendor": "Microsoft", "product": "Windows 11 version 22H3", "versions": [{"status": "affected", "version": "10.0.0", "lessThan": "10.0.22631.3447", "versionType": "custom"}], "platforms": ["ARM64-based Systems"]}, {"cpes": ["cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3447:*:*:*:*:*:x64:*"], "vendor": "Microsoft", "product": "Windows 11 Version 23H2", "versions": [{"status": "affected", "version": "10.0.0", "lessThan": "10.0.22631.3447", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"cpes": ["cpe:2.3:o:microsoft:windows_server_23h2:10.0.25398.830:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Windows Server 2022, 23H2 Edition (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.0", "lessThan": "10.0.25398.830", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2024-04-09T07:00:00+00:00", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256", "name": "Libarchive Remote Code Execution Vulnerability", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": "Libarchive Remote Code Execution Vulnerability"}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-10-09T01:40:48.104Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26256", "state": "PUBLISHED", "dateUpdated": "2024-10-09T01:40:48.104Z", "dateReserved": "2024-02-15T00:57:49.363Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2024-04-09T17:00:12.125Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "libarchive: Heap based buffer overflow in rar e8 filter", "id": "2282521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282521"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-122", "details": ["Libarchive Remote Code Execution Vulnerability", "A flaw was found in the libarchive library. A heap-based buffer overflow in the execute_filter_e8 function in the libarchive/archive_read_support_format_rar.c file can be triggered when a specially crafted RAR archive is processed, causing a crash to the application linked to the library, and resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-26256", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26256\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26256\nhttps://github.com/advisories/GHSA-2jc9-36w4-pmqw\nhttps://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability"], "statement": "The remote code execution is only mentioned in Windows context without any evidence or PoC. As this issue is only a small buffer over-read, without impact to integrity or confidentiality, this flaw was rated as causing only a denial of service to the application linked to the libarchive library.\nAdditionally, libarchive as shipped in Red Hat Enterprise Linux 6, 7, 8 and 9, is not affected by this vulnerability because the vulnerable code was introduced in a newer version of libarchive.", "threat_severity": "Moderate", "upstream_fix": "libarchive 3.7.4"}