发布时间: 2025年6月13日
修改时间: 2025年6月20日
A vulnerability was found in libarchive up to 3.7.x (File Compression Software). It has been rated as critical.Using CWE to declare the problem leads to CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Impacted is confidentiality, integrity, and availability.Upgrading to version 3.8.0 eliminates this vulnerability.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | Low | |
| Attack Vector | Local | |
| CVSS评分 | N/A | 3.9 |
| Attack Complexity | Low | |
| Privileges Required | Low | |
| Scope | Unchanged | |
| Integrity | None | |
| User Interaction | Required | |
| Availability | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2025-2635 | libarchive security update | 2025年7月13日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5 | libarchive | Fixed |
| V6 | libarchive | Fixed |
| KY3.5.3 | libarchive | Fixed |
| KY3.5.2 | libarchive | Fixed |
