ZDI-24-1696 - Libarchive Libarchive, Microsoft Windows 11 23h2 and Microsoft Windows Server 2022 23h2

December 19, 2024

Low

This vulnerability allows remote attackers to execute arbitrary code on affected installations of libarchive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-20697.

Affected software

Libarchive Libarchive

Microsoft Windows 11 23h2

Microsoft Windows Server 2022 23h2

Microsoft Windows 11 22h2

Reference links

https://github.com/libarchive/libarchive/pull/2135
http://www.zerodayinitiative.com/advisories/ZDI-24-1696/

ZDI-24-1696 - Libarchive Libarchive, Microsoft Windows 11 23h2 and Microsoft Windows Server 2022 23h2

Affected software

Reference links

Get alerted to vulnerabilities in your software