CVE-2022-26280

MEDIUM

Libarchive <3.6.0 - Info Disclosure

Title source: llm

Description

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.

References (4)

Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/libarchive/libarchive/issues/1672
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202208-26

Scores

CVSS v3: 6.5
EPSS: 0.0012
EPSS Percentile: 30.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

Details

CWE: CWE-125
Status: published
Products (2)
fedoraproject/fedora 36
libarchive/libarchive 3.6.0
Published: Mar 28, 2022
Tracked Since: Feb 18, 2026