Untriaged
Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Affected products
rhcos
- *
libarchive
- *
- <3.8.0
rhosdt/jaeger-agent-rhel8
- *
rhosdt/jaeger-query-rhel8
- *
rhosdt/jaeger-ingester-rhel8
- *
rhosdt/jaeger-rhel8-operator
- *
rhosdt/jaeger-collector-rhel8
- *
rhosdt/jaeger-operator-bundle
- *
rhosdt/jaeger-all-in-one-rhel8
- *
rhosdt/jaeger-es-rollover-rhel8
- *
discovery/discovery-server-rhel9
- *
rhosdt/jaeger-es-index-cleaner-rhel8
- *
web-terminal/web-terminal-tooling-rhel9
- *
cert-manager/jetstack-cert-manager-rhel9
- *
web-terminal/web-terminal-rhel9-operator
- *
openshift-serverless-1/logic-rhel8-operator
- *
openshift-serverless-1/logic-operator-bundle
- *
registry.redhat.io/rhosdt/jaeger-agent-rhel8
- *
registry.redhat.io/rhosdt/jaeger-query-rhel8
- *
insights-proxy/insights-proxy-container-rhel9
- *
compliance/openshift-compliance-openscap-rhel8
- *
compliance/openshift-compliance-rhel8-operator
- *
openshift-serverless-1/logic-swf-builder-rhel8
- *
openshift-serverless-1/logic-swf-devmode-rhel8
- *
registry.redhat.io/rhosdt/jaeger-ingester-rhel8
- *
registry.redhat.io/rhosdt/jaeger-rhel8-operator
- *
openshift-sandboxed-containers/osc-monitor-rhel9
- *
registry.redhat.io/rhosdt/jaeger-collector-rhel8
- *
registry.redhat.io/rhosdt/jaeger-operator-bundle
- *
compliance/openshift-compliance-must-gather-rhel8
- *
openshift-sandboxed-containers/osc-rhel9-operator
- *
registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8
- *
compliance/openshift-file-integrity-rhel8-operator
- *
registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8
- *
openshift-serverless-1/logic-db-migrator-tool-rhel8
- *
registry.redhat.io/discovery/discovery-server-rhel9
- *
openshift-sandboxed-containers/osc-must-gather-rhel9
- *
openshift-serverless-1/logic-management-console-rhel8
- *
openshift-sandboxed-containers/osc-podvm-builder-rhel9
- *
openshift-sandboxed-containers/osc-podvm-payload-rhel9
- *
openshift-serverless-1/logic-data-index-ephemeral-rhel8
- *
registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8
- *
openshift-serverless-1/logic-data-index-postgresql-rhel8
- *
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8
- *
openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9
- *
openshift-serverless-1/logic-jobs-service-postgresql-rhel8
- *
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8
- *
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
- *
openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9
- *
registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9
- *
registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator
- *
registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9
- *
registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9
- *
registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9
- *
registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9
- *
registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9
- *
Matching in nixpkgs
Package maintainers
- @peterhoeg Peter Hoeg <peter@hoeg.com>
- @dschrempf Dominik Schrempf <dominik.schrempf@gmail.com>
- @minijackson Rémi Nicole <minijackson@riseup.net>
- @cpages Carles Pagès <page@ruiec.cat>
- @aanderse Aaron Andersen <aaron@fosslib.net>
- @edwtjo Edward Tjörnhammar <ed@cflags.cc>
- @nvmd Sergey Kazenyuk <kazenyuk@pm.me>
- @jcumming Jack Cummings <jack@mudshark.org>