New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
out-of-bounds read in lha_read_data_none() #948
Comments
This issue was assigned CVE-2017-14503 |
Hi @carnil, is someone between the community is planning to fix this issue? |
It looks like this was fixed with 2c8c83b. |
Hi, this seems to be relatively serious security issue since major linux distributions (like Ubuntu) are using libarchive. Qualsys reported this:
Another source: https://cyber.vumetric.com/vulns/CVE-2017-5601/out-bounds-read-vulnerability-libarchive-3-2-2/ I dont want to be pushy and I do understand people are working on this during their free time but this is a pain :( ... |
@VictorRodriguez - grea!!! So this issue can be closed now - right? |
@carnil is the one that has power to close the issue |
Hi
The following was reported downstream in Debian at https://bugs.debian.org/875960
The
oob.lha
base64 encoded is:tested against 5562545:
The text was updated successfully, but these errors were encountered: