CVE & CISA-KEV Catalog

CVE-2024-57970

MEDIUM
4.0
CVSS v3
NVD

Description

libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.

How to fix

Remediation Available
bsdcat-debuginfoRed Hat / RHEL
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
bsdcat-debuginfoRocky
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
bsdcpio-debuginfoRocky
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
bsdcpio-debuginfoRed Hat / RHEL
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
bsdtarRocky
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
bsdtarRed Hat / RHEL
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
bsdtar-debuginfoRocky
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
bsdtar-debuginfoRed Hat / RHEL
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
bsdunzip-debuginfoRocky
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
bsdunzip-debuginfoRed Hat / RHEL
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
libarchiveRed Hat / RHEL
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
libarchiveRocky
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
libarchive-debuginfoRed Hat / RHEL
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
libarchive-debuginfoRocky
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
libarchive-debugsourceRocky
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
libarchive-debugsourceRed Hat / RHEL
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
libarchive-develRocky
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
libarchive-develRed Hat / RHEL
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510
Fixed in:0:3.7.7-2.el10_0RHSA-2025:7510

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityLow

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploit Intelligence

0.23%probability of exploitation in 30 days
14thpercentile

Low risk: more likely to be exploited than 14% of all known CVEs.

References

Other references2

Related Vulnerabilities

Other CWE-126 (Buffer Over-read) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-49285High8.689%-Fix
CVE-2017-7668High7.557%-Fix
CVE-2009-2495Medium6.542%--
CVE-2017-7679Critical9.839%-Fix
CVE-2025-21277High7.538%-Fix
CVE-2024-38071High7.536%-Fix
Embed a live status badge for CVE-2024-57970
CVE-2024-57970 severity badge

Markdown

[![CVE-2024-57970](https://tridentstack.com/cve/badge/CVE-2024-57970.svg)](https://tridentstack.com/cve/CVE-2024-57970)

HTML

<a href="https://tridentstack.com/cve/CVE-2024-57970"><img src="https://tridentstack.com/cve/badge/CVE-2024-57970.svg" alt="CVE-2024-57970"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-02-18.