Libarchive Integer Overflow Vulnerability Leading to Double-Free Condition in RAR Format Handling

Vulnerability

A vulnerability exists in the libarchive library, specifically in versions prior to 3.8.0, within the 'archive_read_format_rar_seek_data()' function. This vulnerability involves an integer overflow that can result in a double-free condition. Exploiting this double-free vulnerability can cause memory corruption, allowing an attacker to execute arbitrary code or create a denial-of-service condition.

Impact

The vulnerability can be exploited to cause a double-free condition, leading to memory corruption. This type of vulnerability can often be exploited to execute arbitrary code or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by creating a RAR file that includes over 4 billion nodes. When this file is processed by libarchive using the 'bsdtar' command, the integer overflow occurs, causing the double-free condition. A Python script can be used to automate this process by writing a crafted RAR file that triggers the vulnerability.

Remediation

Users can upgrade to libarchive version 3.8.0 or later, where this vulnerability has been fixed.
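To check whether a host still carries an affected build, the following added example (not part of the original advisory) classifies the version line printed by `bsdtar --version` against the fixed release 3.8.0. The function names and the sample version lines used to exercise it are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a libarchive build against the fixed release.
FIXED_VERSION="3.8.0"   # first fixed version, per the advisory

# Pull "X.Y.Z" out of a line such as
# "bsdtar 3.7.4 - libarchive 3.7.4 zlib/1.2.13" (constructed sample).
libarchive_version_from() {
    printf '%s\n' "$1" |
        sed -n 's/.*libarchive \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Turn X.Y.Z into one integer so 3.10.0 sorts above 3.8.0
# (a plain string comparison would get that wrong).
version_to_int() {
    printf '%s\n' "$1" | awk -F. '{ print $1 * 1000000 + $2 * 1000 + $3 }'
}

# Echo "affected", "fixed" or "unknown" for a version line.
libarchive_verdict() {
    ver=$(libarchive_version_from "$1")
    if [ -z "$ver" ]; then
        echo "unknown"      # not bsdtar/libarchive output
        return 0
    fi
    if [ "$(version_to_int "$ver")" -lt "$(version_to_int "$FIXED_VERSION")" ]; then
        echo "affected"
    else
        echo "fixed"
    fi
}

# Report on the local bsdtar, if one is installed.
if command -v bsdtar >/dev/null 2>&1; then
    echo "local bsdtar: $(libarchive_verdict "$(bsdtar --version 2>/dev/null)")"
fi
```

A version string alone cannot see distribution backports, so confirm an "affected" result against the vendor's package changelog. Applications that bundle or statically link their own libarchive copy are not covered by checking the system `bsdtar`.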

Added: Jun 9, 2025, 8:20 PM
Updated: Jun 9, 2025, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 7.5
exploitability: 5.2
remediation: 7.7
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.