libarchive: Multiple vulnerabilities (CVE-2019-19221, CVE-2020-9308)
CVE-2019-19221: out-of-bounds read in archive_wstring_append_from_mbs in archive_string.c
A vulnerability was found in libarchive 3.4.0: archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
References:
- https://github.com/libarchive/libarchive/issues/1276
- https://nvd.nist.gov/vuln/detail/CVE-2019-19221
Patch:
https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41
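As an added illustration of the bug class behind CVE-2019-19221 (example code written here, not libarchive's own): a multibyte-to-wide conversion loop in which every mbrtowc call is bounded by the bytes still remaining in the input, so a crafted or truncated sequence at the end of the buffer is reported as an error instead of being read past. The function names are assumptions, and the ASCII sample inputs are constructed for the checks.

```c
#include <stddef.h>
#include <string.h>
#include <wchar.h>

/* Convert up to mbs_len bytes of mbs into wcs (capacity wcs_cap wide chars).
 * Returns the number of wide characters written, or -1 on an invalid or
 * truncated multibyte sequence or when wcs is too small. The conversion
 * never examines memory beyond mbs + mbs_len. */
long mbs_to_wcs_bounded(const char *mbs, size_t mbs_len,
                        wchar_t *wcs, size_t wcs_cap)
{
    mbstate_t state;
    size_t out = 0;

    memset(&state, 0, sizeof state);
    while (mbs_len > 0 && *mbs != '\0') {
        if (out >= wcs_cap)
            return -1;                  /* no room for another wide char */
        /* The third argument is how many bytes mbrtowc may look at. It must
         * be the remaining INPUT length; passing the remaining OUTPUT
         * capacity (or any other unrelated size) here lets mbrtowc scan past
         * the end of the input buffer, which is the out-of-bounds read
         * pattern this CVE class is about. */
        size_t r = mbrtowc(&wcs[out], mbs, mbs_len, &state);
        if (r == (size_t)-1)
            return -1;                  /* invalid sequence */
        if (r == (size_t)-2)
            return -1;                  /* sequence cut off at end of input */
        if (r == 0)
            break;                      /* decoded a NUL: stop */
        mbs += r;
        mbs_len -= r;
        out++;
    }
    return (long)out;
}

/* Check helper (assumed name): convert at most n bytes of s into a buffer
 * of cap wide chars and return the result code. */
long convert_count(const char *s, size_t n, size_t cap)
{
    wchar_t buf[16];
    if (cap > 16)
        cap = 16;
    return mbs_to_wcs_bounded(s, n, buf, cap);
}

/* Check helper (assumed name): 1 if "abc" decodes to L"abc", else 0. */
int decodes_abc(void)
{
    wchar_t buf[4];
    long n = mbs_to_wcs_bounded("abc", 3, buf, 4);
    return n == 3 && buf[0] == L'a' && buf[1] == L'b' && buf[2] == L'c';
}
```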
CVE-2020-9308: attempting to unpack a RAR5 file with an invalid or corrupted header leads to a SIGSEGV
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
References:
Patch:
https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a
Affected branches:
- master (98a20682)
- 3.11-stable
- 3.10-stable
- 3.9-stable
- 3.8-stable