CVE-2021-36976

CVSS v3.1 6.5 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.54 % (77^th)

Affected Products 7

Advisories 9

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2021-07-20 07:15:07
(3 years ago)
Updated Date: 2024-03-27 16:04:33
(5 months ago)

Affected Products

Apple

Fedoraproject

Fedora

Libarchive

Libarchive

Splunk

Universal Forwarder

Configuration #1

		CPE23	From	Up To
	Libarchive from 3.4.1 version and 3.5.2 and prior versions	cpe:2.3:a:libarchive:libarchive	>= 3.4.1	<= 3.5.2

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 35	cpe:2.3:o:fedoraproject:fedora:35

Configuration #3

		CPE23	From	Up To
	Apple Ipados prior 15.4 version	cpe:2.3:o:apple:ipados		< 15.4
	Apple Iphone Os prior 15.4 version	cpe:2.3:o:apple:iphone_os		< 15.4
	Apple Macos prior 12.3 version	cpe:2.3:o:apple:macos		< 12.3
	Apple Watchos prior 8.5 version	cpe:2.3:o:apple:watchos		< 8.5

Configuration #4

		CPE23	From	Up To
	Splunk Universal Forwarder from 8.2.0 version and prior 8.2.12 version	cpe:2.3:a:splunk:universal_forwarder	>= 8.2.0	< 8.2.12
	Splunk Universal Forwarder from 9.0.0 version and prior 9.0.6 version	cpe:2.3:a:splunk:universal_forwarder	>= 9.0.0	< 9.0.6
	Splunk Universal Forwarder 9.1.0	cpe:2.3:a:splunk:universal_forwarder:9.1.0