Vulnerability Description
Libarchive Remote Code Execution Vulnerability
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libarchive | Libarchive | < 3.7.4 |
| Fedoraproject | Fedora | 39 |
| Microsoft | Windows 11 22H2 | < 10.0.22621.3447 |
| Microsoft | Windows 11 23H2 | < 10.0.22631.3447 |
| Microsoft | Windows Server 2022 23H2 | < 10.0.25398.830 |
Related Weaknesses (CWE)
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256Third Party Advisory
- http://www.openwall.com/lists/oss-security/2024/06/04/2Mailing List
- http://www.openwall.com/lists/oss-security/2024/06/05/1Mailing List
- https://github.com/LeSuisse/nixpkgs/commit/81b82a2934521dffef76f7ca305d8d4e22fe7Patch
- https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1Patch
- https://github.com/libarchive/libarchive/releases/tag/v3.7.4Release Notes
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256Third Party Advisory
- https://www.openwall.com/lists/oss-security/2024/06/04/2Mailing List
FAQ
What is CVE-2024-26256?
CVE-2024-26256 is a vulnerability with a CVSS score of 7.8 (HIGH). Libarchive Remote Code Execution Vulnerability
How severe is CVE-2024-26256?
CVE-2024-26256 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-26256?
Check the references section above for vendor advisories and patch information. Affected products include: Libarchive Libarchive, Fedoraproject Fedora, Microsoft Windows 11 22H2, Microsoft Windows 11 23H2, Microsoft Windows Server 2022 23H2.