github - ghsa-w6xv-37jv-7cjr

ghsa-w6xv-37jv-7cjr

Vulnerability from github

Published

2024-01-09 18:30

Modified

2024-06-10 18:30

Severity

7.3 (High) - CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

Windows Libarchive Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20697"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-09T18:15:53Z",
    "severity": "HIGH"
  },
  "details": "Windows Libarchive Remote Code Execution Vulnerability",
  "id": "GHSA-w6xv-37jv-7cjr",
  "modified": "2024-06-10T18:30:51Z",
  "published": "2024-01-09T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20697"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-w6xv-37jv-7cjr"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/06/04/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/06/05/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2024-20697

Vulnerability from cvelistv5

Published

2024-01-09 17:56

Modified

2024-08-01 21:59

Severity

7.3 (High) - cvssV3_1 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Windows libarchive Remote Code Execution Vulnerability

References

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697	vendor-advisory
https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability
https://github.com/advisories/GHSA-w6xv-37jv-7cjr
http://www.openwall.com/lists/oss-security/2024/06/05/1
http://www.openwall.com/lists/oss-security/2024/06/04/2

Impacted products

Vendor	Product
Microsoft	Windows 11 version 22H2
Microsoft	Windows 11 version 22H3
Microsoft	Windows 11 Version 23H2
Microsoft	Windows Server 2022, 23H2 Edition (Server Core installation)

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.826Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Windows Libarchive Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/advisories/GHSA-w6xv-37jv-7cjr"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/05/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/04/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3007:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3007:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.3007",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3007:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3007",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3007:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3007",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_23h2:10.0.25398.643:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.643",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-01-09T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows libarchive Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T20:15:01.666Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Libarchive Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697"
        },
        {
          "url": "https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability"
        },
        {
          "url": "https://github.com/advisories/GHSA-w6xv-37jv-7cjr"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/06/05/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/06/04/2"
        }
      ],
      "title": "Windows libarchive Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-20697",
    "datePublished": "2024-01-09T17:56:53.424Z",
    "dateReserved": "2023-11-28T22:58:12.121Z",
    "dateUpdated": "2024-08-01T21:59:42.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.