{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-37407", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T03:50:56.279Z", "dateReserved": "2024-06-08T00:00:00", "datePublished": "2024-06-08T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-08T12:43:10.601095"}, "descriptions": [{"lang": "en", "value": "Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/libarchive/libarchive/pull/2145"}, {"url": "https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0"}, {"url": "https://github.com/libarchive/libarchive/releases/tag/v3.7.4"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"affected": [{"vendor": "libarchive", "product": "libarchive", "cpes": ["cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.7.4", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-18T20:12:02.698661Z", "id": "CVE-2024-37407", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-18T20:13:14.882Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:50:56.279Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/libarchive/libarchive/pull/2145", "tags": ["x_transferred"]}, {"url": "https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0", "tags": ["x_transferred"]}, {"url": "https://github.com/libarchive/libarchive/releases/tag/v3.7.4", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-37407", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-07-18T20:13:14.882Z", "dateReserved": "2024-06-08T00:00:00", "datePublished": "2024-06-08T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-08T12:43:10.601095"}, "descriptions": [{"lang": "en", "value": "Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/libarchive/libarchive/pull/2145"}, {"url": "https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0"}, {"url": "https://github.com/libarchive/libarchive/releases/tag/v3.7.4"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37407", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-18T20:12:02.698661Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*"], "vendor": "libarchive", "product": "libarchive", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.7.4"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-18T20:13:10.324Z"}}]}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D39546C-368C-43A4-870B-84A4DE39DD8F", "versionEndExcluding": "3.7.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c."}, {"lang": "es", "value": "Libarchive anterior a 3.7.4 permite el acceso a nombres fuera de los l\u00edmites cuando un archivo ZIP tiene un archivo con nombre vac\u00edo y mac-ext est\u00e1 habilitado. Esto ocurre en slurp_central_directory en archive_read_support_format_zip.c."}], "id": "CVE-2024-37407", "lastModified": "2024-11-21T09:23:47.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-08T13:15:58.337", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/libarchive/libarchive/pull/2145"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/libarchive/libarchive/releases/tag/v3.7.4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/libarchive/libarchive/pull/2145"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/libarchive/libarchive/releases/tag/v3.7.4"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libarchive: Out of bounds access in slurp_central_directory at archive_read_support_format_zip.c", "id": "2292307", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292307"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-119", "details": ["Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.", "An out-of-bounds access flaw was found in libarchive in the slurp_central_directory function at archive_read_support_format_zip.c. This vulnerability may be triggered if a ZIP archive has an empty name and the mac-ext is enabled."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-37407", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-37407\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-37407"], "statement": "This vulnerability in libarchive is rated with an Important severity because it involves an out-of-bounds access when processing ZIP archives with empty filenames and the mac-ext option enabled. Such vulnerabilities can lead to undefined behavior, including potential exploitation by attackers to execute arbitrary code, causing a denial of service, or exfiltrating sensitive information. The flaw lies in the slurp_central_directory function within archive_read_support_format_zip.c, where improper handling of file names leads to memory access violations.", "threat_severity": "Important", "upstream_fix": "libarchive 3.7.4"}