VDB

ALPINE-CVE-2020-9308

ALPINE-CVE-2020-9308 PUBLISHED CVSS 8.800000190734863 HIGH

archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.19libarchive3.2.1-r1, 0, 3.4.1-r0
Alpine:v3.16libarchive3.4.0, 0, 0
Alpine:v3.23libarchive3.3.2-r4, 2.8.4-r1, 2.8.4-r2
Alpine:v3.11libarchive0, 2.8.5-r0, 2.8.4-r2
Alpine:v3.24libarchive0, 3.4.0
Alpine:v3.17libarchive0, 0, 3.4.1-r0
Alpine:v3.15libarchive0, 2.8.4-r1, 2.8.4-r2
Alpine:v3.22libarchive3.4.0, 0, 3.4.1-r0
Alpine:v3.18libarchive3.0.4-r0, 0, 2.8.4-r0
Alpine:v3.21libarchive0, 3.4.0, 0
Alpine:v3.13libarchive0, 2.8.4-r1, 2.8.4-r2
Alpine:v3.20libarchive0, 3.4.0, 0
Alpine:v3.12libarchive3.4.0, 0, 3.4.1-r0
Alpine:v3.14libarchive3.4.0, 3.0.3-r0, 0

Timeline

  • Feb 20, 2020 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jul 8, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›