Vulnerability Description
A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file. The cause is a typo in a HAVE_LZMA_H preprocessor conditional in the cleanup routine: the guard does not match the one under which the LZMA decoder state is set up, so the release code is compiled out and the state allocated for each affected archive is never freed. A long-running process that opens attacker-supplied ZIP files therefore loses memory on every such file until it runs out. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.
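The following C program is an added illustration of the bug class behind this CVE; it is not libarchive code and does not reproduce the exact libarchive conditional. The feature macros HAVE_XZ_H / HAVE_LIBXZ, the reader and decoder structs, the method id and the mistyped macro HAVE_XZ_H_ are all constructed for this example. Decoder state is allocated under one guard and released under a mismatched guard, so the buggy cleanup compiles to nothing and every processed archive leaks; the fixed cleanup uses the identical guard. A counting allocator makes the leak observable without a sanitizer.

```c
/* Constructed illustration of a preprocessor-guard mismatch between an
 * allocation site and its cleanup site (the CVE-2019-11463 bug class).
 * Not libarchive's code; all names and values here are made up. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical configure-generated macros standing in for HAVE_LZMA_H / HAVE_LIBLZMA. */
#define HAVE_XZ_H 1
#define HAVE_LIBXZ 1

/* Counting allocator: live_allocations > 0 after cleanup means a leak. */
static int live_allocations = 0;

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p) live_allocations++;
    return p;
}

static void tracked_free(void *p) {
    if (p) { live_allocations--; free(p); }
}

struct decoder_state { unsigned char *dict; };

enum { METHOD_XZ = 95 }; /* constructed method id for this example */

struct reader {
#if HAVE_XZ_H && HAVE_LIBXZ
    struct decoder_state *xz; /* set up when an entry selects this method */
    int xz_valid;
#endif
};

/* Entry path: a (constructed) method byte selects the decoder and allocates its state. */
static int reader_init_entry(struct reader *r, int method) {
#if HAVE_XZ_H && HAVE_LIBXZ
    if (method == METHOD_XZ) {
        r->xz = tracked_malloc(sizeof *r->xz);
        if (!r->xz) return -1;
        r->xz->dict = tracked_malloc(4096);
        if (!r->xz->dict) { tracked_free(r->xz); r->xz = NULL; return -1; }
        r->xz_valid = 1;
    }
#endif
    return 0;
}

/* Buggy cleanup: HAVE_XZ_H_ is a mistyped macro that is never defined, so the
 * condition evaluates to 0 and the release code is compiled out entirely. */
static void reader_cleanup_buggy(struct reader *r) {
#if HAVE_XZ_H_ && HAVE_LIBXZ
    if (r->xz_valid) {
        tracked_free(r->xz->dict);
        tracked_free(r->xz);
        r->xz = NULL;
        r->xz_valid = 0;
    }
#endif
    (void)r;
}

/* Fixed cleanup: the guard is identical to the one at the allocation site. */
static void reader_cleanup_fixed(struct reader *r) {
#if HAVE_XZ_H && HAVE_LIBXZ
    if (r->xz_valid) {
        tracked_free(r->xz->dict);
        tracked_free(r->xz);
        r->xz = NULL;
        r->xz_valid = 0;
    }
#endif
}

/* Process `archives` constructed archives that each select the decoder, then
 * report how many allocations are still live. Returns -1 on allocation failure. */
int leaked_after(int archives, int use_fixed) {
    live_allocations = 0;
    for (int i = 0; i < archives; i++) {
        struct reader r;
        memset(&r, 0, sizeof r);
        if (reader_init_entry(&r, METHOD_XZ) != 0) return -1;
        if (use_fixed) reader_cleanup_fixed(&r); else reader_cleanup_buggy(&r);
    }
    return live_allocations;
}

int main(void) {
    printf("buggy cleanup, 1000 archives: %d live allocations\n", leaked_after(1000, 0));
    printf("fixed cleanup, 1000 archives: %d live allocations\n", leaked_after(1000, 1));
    return 0;
}
```

Building the buggy variant with `-Wundef` flags the undefined macro in the `#if`, and running the real library under LeakSanitizer (`-fsanitize=address`) on a crafted archive is how this class of leak is normally caught in fuzzing; the counting allocator above just makes the same effect visible in a stand-alone program.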
CVSS Score
5.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libarchive | Libarchive | < 3.4.0 |
Related Weaknesses (CWE)
References
- https://github.com/libarchive/libarchive/commit/ba641f73f3d758d9032b3f0e5597a9c6 (Patch, Third Party Advisory)
- https://github.com/libarchive/libarchive/issues/1165 (Exploit, Third Party Advisory)
- https://access.redhat.com/security/cve/cve-2019-11463 (Third Party Advisory)
FAQ
What is CVE-2019-11463?
CVE-2019-11463 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. It only affects users who built the development code from GitHub; official releases are unaffected.
How severe is CVE-2019-11463?
CVE-2019-11463 has been rated MEDIUM with a CVSS base score of 5.5/10. The impact is limited to availability: each crafted ZIP file processed by an affected build leaks memory, so the practical risk is highest for long-running services that open untrusted archives. Only development snapshots (3.3.4-dev) taken from GitHub are affected, which further limits exposure.
Is there a patch for CVE-2019-11463?
Yes. The fix is the libarchive commit listed in the references section above, and the Red Hat advisory there gives distribution-level status. Because the bug existed only in the development branch, the Affected Products table lists versions below 3.4.0: users who built a 3.3.4-dev snapshot from GitHub should move to a snapshot that includes the fix or to release 3.4.0 or later, while users of official releases need no action. Affected products include: Libarchive Libarchive.