Untriaged
Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.
Affected products
rhcos
libarchive
- <3.8.0
Matching in nixpkgs
Package maintainers
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@dschrempf Dominik Schrempf <dominik.schrempf@gmail.com>
-
@minijackson Rémi Nicole <minijackson@riseup.net>
-
@cpages Carles Pagès <page@ruiec.cat>
-
@aanderse Aaron Andersen <aaron@fosslib.net>
-
@edwtjo Edward Tjörnhammar <ed@cflags.cc>
-
@nvmd Sergey Kazenyuk <kazenyuk@pm.me>
-
@jcumming Jack Cummings <jack@mudshark.org>