CVE-2024-13941

5.3 MEDIUM

📋 TL;DR

This is a critical memory corruption vulnerability in the ZIP date-time parsing function of the ouch archive utility. A local attacker who can get ouch to parse a crafted ZIP archive could crash the application or potentially execute arbitrary code. Users of ouch versions up to and including 0.3.1 are affected.

💻 Affected Systems

Products:
  • ouch-org ouch
Versions: up to and including 0.3.1
Operating Systems: All platforms where ouch runs
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable when processing ZIP archives

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: local privilege escalation leading to arbitrary code execution with the privileges of the ouch process

🟠 Likely Case: application crash (denial of service) or limited memory corruption

🟢 If Mitigated: no impact if patched or if untrusted users lack local access

🌐 Internet-Facing: LOW - requires local access for exploitation
🏢 Internal Only: MEDIUM - internal users with local access could exploit it

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and the ability to make ouch parse a ZIP date-time field from attacker-controlled input.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.4.0

Vendor Advisory: https://github.com/ouch-org/ouch/releases/tag/0.4.0

Restart Required: No

Instructions:

1. Check current ouch version: ouch --version
2. Update via cargo: cargo install ouch --version 0.4.0
3. Verify update: ouch --version should show 0.4.0

🔧 Temporary Workarounds

Restrict local user access (platform: Linux)

Limit which users can execute ouch on vulnerable systems:

chmod 750 /usr/local/bin/ouch
setfacl -m u:trusteduser:rx /usr/local/bin/ouch

Avoid processing untrusted ZIP files (platform: all)

Do not use ouch to extract or process ZIP archives from untrusted sources.

🧯 If You Can't Patch

  • Remove ouch from production systems or restrict to trusted users only
  • Use alternative archive tools for ZIP processing

🔍 How to Verify

Check if Vulnerable:

Run: ouch --version | grep -E '0\.(0|1|2|3)\.[0-9]+'

Check Version:

ouch --version

Verify Fix Applied:

Run: ouch --version | grep -F '0.4.0'
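The grep checks above match on the literal version text, which is fragile (a literal pattern cannot tell 0.4.0 from a later release, and it gives no answer at all for versions it was not written for). The script below, an added example that is not part of this advisory or of the ouch project, parses the version banner and compares it numerically against the fixed release 0.4.0, so any version below the fix is reported as vulnerable and any version at or above it as fixed. It assumes, since the page does not show the exact output, that `ouch --version` prints a line containing the version as X.Y.Z (for example "ouch 0.3.1"); the sample banners in the loop are constructed for illustration.

```shell
#!/bin/sh
# Added example: numeric version check for CVE-2024-13941 (ouch <= 0.3.1, fixed in 0.4.0).
# Assumption (not stated on the advisory): `ouch --version` prints a line such as "ouch 0.3.1".

FIXED_VERSION="0.4.0"

# extract_version BANNER: print the first X.Y.Z token in the banner, or nothing if absent.
extract_version() {
    printf '%s\n' "$1" \
        | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' \
        | head -n 1
}

# version_lt A B: succeed (exit 0) when version A is numerically lower than version B,
# comparing major, minor and patch fields as integers rather than as text.
version_lt() {
    a1=${1%%.*}; rest=${1#*.}; a2=${rest%%.*}; a3=${rest#*.}
    b1=${2%%.*}; rest=${2#*.}; b2=${rest%%.*}; b3=${rest#*.}
    [ "$a1" -lt "$b1" ] && return 0
    [ "$a1" -gt "$b1" ] && return 1
    [ "$a2" -lt "$b2" ] && return 0
    [ "$a2" -gt "$b2" ] && return 1
    [ "$a3" -lt "$b3" ]
}

# classify_version BANNER: print "vulnerable", "fixed" or "unknown" for a version banner.
classify_version() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# Stand-alone run: check the installed binary when present, otherwise show the
# classification on constructed sample banners (these are not real ouch output).
if command -v ouch >/dev/null 2>&1; then
    printf 'installed ouch: %s\n' "$(classify_version "$(ouch --version 2>/dev/null)")"
else
    for banner in "ouch 0.3.1" "ouch 0.4.0" "ouch 0.10.2"; do
        printf '%s -> %s\n' "$banner" "$(classify_version "$banner")"
    done
fi
```

Because the comparison is field by field, a hypothetical 0.10.x release is correctly reported as fixed, where a text comparison of "0.10" against "0.4" would go wrong; "unknown" is returned when no X.Y.Z token is found so that a changed banner format is noticed rather than silently treated as patched.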

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash reports from ouch process
  • Unexpected termination of ouch with memory error codes

Network Indicators:

  • None - local exploitation only

SIEM Query:

process.name:"ouch" AND (event.action:"segmentation_fault" OR event.outcome:"failure")
