DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-37407

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-37407

CGA ID

CGA-fr7r-qfwj-mf66

Severity

9.1

Critical

CVSS V3

Description

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

References

  • https://images.chainguard.dev/security/CGA-fr7r-qfwj-mf66

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images