发布时间: 2025年6月13日
修改时间: 2025年6月20日
A vulnerability was found in libarchive up to 3.7.x (File Compression Software). It has been classified as critical.CWE is classifying the issue as CWE-415. The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 3.8.0 eliminates this vulnerability.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | Low |
| Attack Vector | Network | Local |
| CVSS评分 | 9.8 | 3.9 |
| Attack Complexity | Low | Low |
| Privileges Required | None | Low |
| Scope | Unchanged | Unchanged |
| Integrity | High | None |
| User Interaction | None | Required |
| Availability | High | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2025-2635 | libarchive security update | 2025年7月13日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5 | libarchive | Fixed |
| V6 | libarchive | Fixed |
| KY3.5.3 | libarchive | Fixed |
| KY3.5.2 | libarchive | Fixed |
