Home

CVE-2021-36976

Description

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.192

Associated Vulnerability

VulnerabilityOS Platform
Virtual Machine IDE Drive Elevation of Privilege Vulnerability for Windows 10 Version 20H2 for x86-based Systems (KB5009543)Windows
Virtual Machine IDE Drive Elevation of Privilege Vulnerability for Windows 10 Version 20H2 for x64-based Systems (KB5009543)Windows
Virtual Machine IDE Drive Elevation of Privilege Vulnerability for Windows 10 Version 21H1 for x64-based Systems (KB5009543)Windows
Virtual Machine IDE Drive Elevation of Privilege Vulnerability for Windows 10 Version 21H1 for x86-based Systems (KB5009543)Windows
Virtual Machine IDE Drive Elevation of Privilege Vulnerability for Windows 10 Version 21H2 for x86-based Systems (KB5009543)Windows
Virtual Machine IDE Drive Elevation of Privilege Vulnerability for Windows 10 Version 21H2 for x64-based Systems (KB5009543)Windows
Virtual Machine IDE Drive Elevation of Privilege Vulnerability for Windows 10 Version 1909 for x86-based Systems (KB5009545)Windows
Virtual Machine IDE Drive Elevation of Privilege Vulnerability for Windows 10 Version 1909 for x64-based Systems (KB5009545)Windows
Virtual Machine IDE Drive Elevation of Privilege Vulnerability for Microsoft server operating system version 21H2 for x64-based Systems (KB5009555)Windows
Virtual Machine IDE Drive Elevation of Privilege Vulnerability for Windows Server 2019 for x64-based Systems (KB5009557)Windows
Virtual Machine IDE Drive Elevation of Privilege Vulnerability for Windows 10 Version 1809 for x64-based Systems (KB5009557)Windows
Virtual Machine IDE Drive Elevation of Privilege Vulnerability for Windows 10 Version 1809 for x86-based Systems (KB5009557)Windows
Virtual Machine IDE Drive Elevation of Privilege Vulnerability for Windows 11 for x64-based Systems (KB5009566)Windows
Multiple vulnerabilities are fixed in Mac OS - Monterey 12.3 (Software Update) - AutoRebootMac
Multiple vulnerabilities are fixed in Mac OS - Monterey 12.3.1 (Software Update) - AutoRebootMac
Library to read/write archive files (USN-5291-1) libarchive13_3.4.0-2ubuntu1.1_i386.debLinux
Library to read/write archive files (USN-5291-1) libarchive13_3.4.0-2ubuntu1.1_amd64.debLinux
Library to read/write archive files (USN-5291-1) libarchive13_3.4.3-2ubuntu0.1_i386.debLinux
Library to read/write archive files (USN-5291-1) libarchive13_3.4.3-2ubuntu0.1_amd64.debLinux
libarchive Security Update (ALAS2023-2023-071) libarchive-3.5.3-2.amzn2023.0.2.x86_64.rpmLinux
libarchive Security Update (ALAS2023-2023-071) libarchive-devel-3.5.3-2.amzn2023.0.2.x86_64.rpmLinux
libarchive Security Update (ALAS2023-2023-071) bsdcat-3.5.3-2.amzn2023.0.2.x86_64.rpmLinux
libarchive Security Update (ALAS2023-2023-071) bsdcpio-3.5.3-2.amzn2023.0.2.x86_64.rpmLinux
libarchive Security Update (ALAS2023-2023-071) bsdtar-3.5.3-2.amzn2023.0.2.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-327692022-01 Cumulative Update for Windows 10 Version 20H2 for x86-based Systems (KB5009543) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
PATCH-327702022-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5009543) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
PATCH-327722022-01 Cumulative Update for Windows 10 Version 21H1 for x64-based Systems (KB5009543) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
PATCH-327732022-01 Cumulative Update for Windows 10 Version 21H1 for x86-based Systems (KB5009543) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
PATCH-327742022-01 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5009543) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
PATCH-327752022-01 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5009543) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
PATCH-327802022-01 Cumulative Update for Windows 10 Version 1909 for x86-based Systems (KB5009545) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
PATCH-327812022-01 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB5009545) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
PATCH-327762022-01 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5009555) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
PATCH-327772022-01 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5009557) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21839) (CVE-2022-21874)
PATCH-327782022-01 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5009557) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21839) (CVE-2022-21874)
PATCH-327792022-01 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5009557) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21839) (CVE-2022-21874)
PATCH-327872022-01 Cumulative Update for Windows 11 for x64-based Systems (KB5009566) (CVE-2021-22947) (CVE-2021-22947) (CVE-2022-21919) (CVE-2022-21836) (CVE-2022-21874)
PATCH-608134Mac OS - Monterey 12.7.6 (Software Update) - AutoReboot (CVE-2024-27877)
PATCH-608134Mac OS - Monterey 12.7.6 (Software Update) - AutoReboot (CVE-2024-27877)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234