CVE-2021-36976

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

Provider: NIST
Type: Primary
Base Score: 6.5 MEDIUM (CVSS 3.x)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score Percentile: 40%

Affected Products (NVD)
Vendor / Product: Version (x = Vulnerable software versions)
libarchive / libarchive: 3.4.1 ≤ x ≤ 3.5.2
apple / ipados: x < 15.4
apple / iphone_os: x < 15.4
apple / macos: x < 12.3
apple / watchos: x < 8.5
splunk / universal_forwarder: 8.2.0 ≤ x < 8.2.12
splunk / universal_forwarder: 9.0.0 ≤ x < 9.0.6
splunk / universal_forwarder: 9.1.0

Windows Releases
Platform: Version
Windows 10: 1809 (arm64, x64, x86); 1909 (arm64, x64, x86); 20H2 (arm64, x86); 21H1 (arm64, x64, x86); 21H2 (arm64, x64, x86)
Windows 11: 21H2 (arm64, x64)
Windows Server: 20H2 Server Core
Windows Server 2019: Server Core; Standard
Windows Server 2022: Server Core; Standard

Debian Releases
Debian Product: libarchive
Codename: Version (Status)
bookworm: 3.6.2-1+deb12u1 (fixed)
bookworm (security): 3.6.2-1+deb12u1 (fixed)
bullseye: no-dsa
buster: not-affected
sid: 3.7.4-1.1 (fixed)
stretch: not-affected
trixie: 3.7.4-1 (fixed)

Ubuntu Releases
Ubuntu Product: libarchive
Codename: Version (Status)
bionic: not-affected
focal: Fixed 3.4.0-2ubuntu1.1 (released)
groovy: ignored
hirsute: ignored
impish: Fixed 3.4.3-2ubuntu0.1 (released)
jammy: Fixed 3.5.2-1ubuntu1 (released)
trusty: not-affected
xenial: not-affected

openSUSE / SLES Releases
Release: Version (Status)

openSUSE Product: bsdtar
suse enterprise server 15 SP2: 3.4.2-150200.4.3.1 (fixed)
suse enterprise server 15 SP4: 3.5.1-150400.3.3.1 (fixed)

openSUSE Product: libarchive-devel
suse enterprise desktop 15 SP3: 3.4.2-150200.4.3.1 (fixed)
suse enterprise desktop 15 SP4: 3.5.1-150400.3.3.1 (fixed)
suse enterprise desktop 15 SP5: 3.5.1-150400.3.3.1 (fixed)
suse enterprise desktop 15 SP6: 3.7.2-150600.1.7 (fixed)
suse enterprise desktop 15 SP7: 3.7.2-150600.3.12.1 (fixed)
suse enterprise sap 15 SP3: 3.4.2-150200.4.3.1 (fixed)
suse enterprise sap 15 SP4: 3.5.1-150400.3.3.1 (fixed)
suse enterprise sap 15 SP5: 3.5.1-150400.3.3.1 (fixed)
suse enterprise sap 15 SP6: 3.7.2-150600.1.7 (fixed)
suse enterprise sap 15 SP7: 3.7.2-150600.3.12.1 (fixed)
suse enterprise server 15 SP2: 3.4.2-150200.4.3.1 (fixed)
suse enterprise server 15 SP3: 3.4.2-150200.4.3.1 (fixed)
suse enterprise server 15 SP4: 3.5.1-150400.3.3.1 (fixed)
suse enterprise server 15 SP5: 3.5.1-150400.3.3.1 (fixed)
suse enterprise server 15 SP6: 3.7.2-150600.1.7 (fixed)
suse enterprise server 15 SP7: 3.7.2-150600.3.12.1 (fixed)

openSUSE Product: libarchive13
suse enterprise desktop 15 SP3: 3.4.2-150200.4.3.1 (fixed)
suse enterprise desktop 15 SP4: 3.5.1-150400.3.3.1 (fixed)
suse enterprise desktop 15 SP5: 3.5.1-150400.3.3.1 (fixed)
suse enterprise desktop 15 SP6: 3.7.2-150600.1.7 (fixed)
suse enterprise desktop 15 SP7: 3.7.2-150600.3.12.1 (fixed)
suse enterprise sap 15 SP3: 3.4.2-150200.4.3.1 (fixed)
suse enterprise sap 15 SP4: 3.5.1-150400.3.3.1 (fixed)
suse enterprise sap 15 SP5: 3.5.1-150400.3.3.1 (fixed)
suse enterprise sap 15 SP6: 3.7.2-150600.1.7 (fixed)
suse enterprise sap 15 SP7: 3.7.2-150600.3.12.1 (fixed)
suse enterprise server 15 SP2: 3.4.2-150200.4.3.1 (fixed)
suse enterprise server 15 SP3: 3.4.2-150200.4.3.1 (fixed)
suse enterprise server 15 SP4: 3.5.1-150400.3.3.1 (fixed)
suse enterprise server 15 SP5: 3.5.1-150400.3.3.1 (fixed)
suse enterprise server 15 SP6: 3.7.2-150600.1.7 (fixed)
suse enterprise server 15 SP7: 3.7.2-150600.3.12.1 (fixed)