Edited 3 months ago
libarchive 3.7.4 released with 2 security fixes

@taviso's analysis of CVE-2024-26256 explains the concept of RarVM and how it may relate to the now-fixed vulnerability:

https://seclists.org/oss-sec/2024/q2/270

This may have an impact on a bunch of downstream software (khm..AVs) too.

Edit: See also the analysis of @thezdi here: https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability

@buherator @taviso @thezdi

Oh I love weird machine vulnerabilities! Although this one is less weird and more straight up VM handed to you on a platter but you could still call it weird because it’s for a compression algorithm. :3
