CVE-2024-20697

EUVD-2024-18412
Windows libarchive Remote Code Execution Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_11_22h2
𝑥
< 10.0.22621.3007
microsoftwindows_11_22h2
𝑥
< 10.0.22621.3007
microsoftwindows_11_23h2
𝑥
< 10.0.22631.3007
microsoftwindows_11_23h2
𝑥
< 10.0.22631.3007
microsoftwindows_server_2022_23h2
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 11
22H2 (arm64, x64)
KB5034123
23H2 (arm64, x64)
KB5034123
Windows Server 2022
23H2 Server Core
KB5034130
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libarchive-devel
suse enterprise desktop 15 SP6
3.7.2-150600.3.9.1
fixed
suse enterprise desktop 15 SP7
3.7.2-150600.3.9.1
fixed
suse enterprise sap 15 SP6
3.7.2-150600.3.9.1
fixed
suse enterprise sap 15 SP7
3.7.2-150600.3.9.1
fixed
suse enterprise server 15 SP6
3.7.2-150600.3.9.1
fixed
suse enterprise server 15 SP7
3.7.2-150600.3.9.1
fixed
libarchive13
suse enterprise desktop 15 SP6
3.7.2-150600.3.9.1
fixed
suse enterprise desktop 15 SP7
3.7.2-150600.3.9.1
fixed
suse enterprise sap 15 SP6
3.7.2-150600.3.9.1
fixed
suse enterprise sap 15 SP7
3.7.2-150600.3.9.1
fixed
suse enterprise server 15 SP6
3.7.2-150600.3.9.1
fixed
suse enterprise server 15 SP7
3.7.2-150600.3.9.1
fixed
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697
http://www.openwall.com/lists/oss-security/2024/06/04/2
http://www.openwall.com/lists/oss-security/2024/06/05/1
https://github.com/advisories/GHSA-w6xv-37jv-7cjr
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697
https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability