CVE-2019-19221 - In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read b

CVE-2019-19221

Summary

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

References

Vulnerable Configurations

cpe:2.3:a:libarchive:libarchive:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

CVSS

Base:	2.1 (as of 03-12-2022 - 14:24)
Impact:
Exploitability:

CWE

CWE-125

CAPEC

Infiltration of Hardware Development Environment
An attacker, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts malicious software within the hardware and/or firmware development environment. The infiltration purpose is to alter developed hardware components in a system destined for deployment at the victim's organization, for the purpose of disruption or further compromise.
Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	1801635
title	CVE-2019-19221 libarchive: out-of-bounds read in archive_wstring_append_from_mbs in archive_string.c

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074

AND
comment bsdtar is earlier than 0:3.3.2-9.el8
oval oval:com.redhat.rhsa:tst:20204443001
comment bsdtar is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20161844004
AND
comment libarchive is earlier than 0:3.3.2-9.el8
oval oval:com.redhat.rhsa:tst:20204443003
comment libarchive is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111507002

AND

comment libarchive-debugsource is earlier than 0:3.3.2-9.el8
oval oval:com.redhat.rhsa:tst:20204443005
comment libarchive-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193698006

AND

comment libarchive-devel is earlier than 0:3.3.2-9.el8
oval oval:com.redhat.rhsa:tst:20204443007
comment libarchive-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111507004

rhsa

id	RHSA-2020:4443
released	2020-11-04
severity	Moderate
title	RHSA-2020:4443: libarchive security update (Moderate)

rpms

bsdcat-debuginfo-0:3.3.2-9.el8
bsdcpio-debuginfo-0:3.3.2-9.el8
bsdtar-0:3.3.2-9.el8
bsdtar-debuginfo-0:3.3.2-9.el8
libarchive-0:3.3.2-9.el8
libarchive-debuginfo-0:3.3.2-9.el8
libarchive-debugsource-0:3.3.2-9.el8
libarchive-devel-0:3.3.2-9.el8

refmap via4

fedora	FEDORA-2020-235688c222
misc	https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41 https://github.com/libarchive/libarchive/issues/1276
ubuntu	USN-4293-1

Last major update

03-12-2022 - 14:24

Published

21-11-2019 - 23:15

Last modified

03-12-2022 - 14:24