Vulnerability Details : CVE-2024-37407
Potential exploit
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.
Products affected by CVE-2024-37407
- cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*
- cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-37407
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 36 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-37407
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.1
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
3.9
|
5.2
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-03-14 |
|
9.1
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
3.9
|
5.2
|
NIST | 2024-07-17 |
CWE ids for CVE-2024-37407
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2024-37407
-
https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0
zip: Fix out of boundary access (#2145) · libarchive/libarchive@b6a9794 · GitHubIssue Tracking
-
https://github.com/libarchive/libarchive/pull/2145
zip: Fix out of boundary access by stoeckmann · Pull Request #2145 · libarchive/libarchive · GitHubExploit;Issue Tracking
-
https://github.com/libarchive/libarchive/releases/tag/v3.7.4
Release Libarchive 3.7.4 · libarchive/libarchive · GitHubPatch
Jump to