#VU59459 Use-after-free in libarchive - CVE-2021-36976

Cybersecurity Help s.r.o.

Published: 2022-01-11

Vulnerability identifier: #VU59459

Vulnerability risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-36976

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libarchive
Client/Desktop applications / Software for archiving

Vendor: libarchive

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in copy_string. A remote attacker can cause a denial of service condition on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libarchive: 2.6.0 - 3.5.1

External links
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Amazon Linux AMI update for libarchive

Splunk Enterprise update for third-party packages

Splunk Universal Forwarder update for third-party packages

Multiple vulnerabilities in Dell EMC VxRail Appliance

Multiple vulnerabilities in Dell Unisphere for PowerMax, Dell Solutions Enabler, Dell Unisphere 360 and Dell VASA Provider

Gentoo update for libarchive

SUSE update for libarchive

Multiple vulnerabilities in Apple watchOS

Multiple vulnerabilities in Apple iOS and iPadOS