Libarchive Flaw Puts Other Software at Risk

Researchers from Cisco Systems’ Talos group have found three severe security flaws—an integer overflow, a buffer overflow and a heap overflow—in an open source library called libarchive. Many popular open source projects rely on the library, which provides real-time access to compressed files. It’s used by many Linux and BSD file managers, as well as by OS X and Chrome OS components. No one knows how many other pieces of software may rely on libarchive, making them vulnerable to attacks.

“When vulnerabilities are discovered in a piece of software such as libarchive, many third-party programs that rely on and bundle libarchive are affected,” the Talos researchers blogged. “These are what are known as common mode failures, which enable attackers to use a single attack to compromise many different programs/systems. Users are encouraged to patch all relevant programs as quickly as possible.”
