CVE-2024-48615

7.5 HIGH

📋 TL;DR

A NULL pointer dereference in libarchive 3.7.6 and earlier lets an attacker crash any process that parses a specially crafted tar archive with the library (denial of service). The fault is in header_pax_extension, the routine in libarchive's tar reader that handles pax extended headers, so it is reached while entry headers are being read: merely listing an archive triggers it just as extraction does. Affected are bsdtar and every application that links against a vulnerable libarchive.

💻 Affected Systems

Products:
  • libarchive
  • bsdtar
  • applications using libarchive library
Versions: libarchive 3.7.6 and earlier
Operating Systems: Linux, macOS, BSD, Windows (if compiled with vulnerable libarchive)
Default Config Vulnerable: ⚠️ Yes
Notes: Any system with bsdtar installed, or with applications linked (dynamically or statically) against a vulnerable libarchive, is affected. The vulnerable code runs during tar header parsing, so listing (bsdtar -t) or inspecting an untrusted archive reaches it, not only extraction.

📦 What is this software?

libarchive is a C library for streaming reads and writes of many archive and compression formats (tar, pax, cpio, zip, ISO 9660, gzip, xz and others). bsdtar is its command-line front end and is the default tar on FreeBSD and macOS; on Linux it ships alongside GNU tar in most distributions. Package managers, backup tools, file managers and web services that unpack uploads commonly embed the library.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption through application crashes, potentially leading to data loss or system instability if the process handles critical operations.

🟠

Likely Case

Denial of service through application crashes when processing malicious tar archives, requiring manual intervention to restart affected services.

🟢

If Mitigated

Minimal impact when archive parsing runs in an isolated, automatically restarted worker process: a crash is contained to that worker and the crafted archive is simply rejected.

🌐 Internet-Facing: MEDIUM - Attackers could upload malicious archives to web applications or services that process tar files; exploitation requires only that the service actually parses the upload with a vulnerable libarchive.
🏢 Internal Only: LOW - Requires local access or another way to deliver a crafted archive to a vulnerable application (shared folders, mail attachments, internal tooling), which limits the attack surface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Application-dependent (the library performs no authentication; any path that feeds attacker-supplied tar data to libarchive, such as an anonymous upload endpoint, is reachable without credentials)
Complexity: MEDIUM

Proof-of-concept crash test available in referenced GitHub repository. Exploitation requires ability to supply malicious tar archives to vulnerable applications.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: libarchive 3.7.7 or later

Vendor Advisory: https://github.com/libarchive/libarchive/releases

Restart Required: Yes for running processes. Replacing the shared library on disk does not change processes that already have the old libarchive mapped; restart bsdtar-based services and any application that links the library (or reboot), and rebuild statically linked or bundled copies.

Instructions:

1. Prefer your distribution's updated libarchive package where one is available. Distributions sometimes backport the fix into an older version number, so check the package changelog or the distribution advisory for CVE-2024-48615 rather than relying on the version string alone.
2. Otherwise build and install libarchive 3.7.7 or later from the official repository.
3. Rebuild applications that link libarchive statically or bundle their own copy; dynamically linked applications pick up the new shared library once they are restarted.
4. Restart every service that parses archives so the old library is no longer mapped.

🔧 Temporary Workarounds

Input validation for tar archives

Platforms: all

Reject archives from untrusted sources before processing, and treat any archive that cannot be listed cleanly as malformed. Note the caveat: a validator that parses pax headers runs the same vulnerable code, so perform the check in a separate, resource-limited process whose crash is contained and reported, never in the main service process.

🧯 If You Can't Patch

  • Restrict tar archive processing to trusted sources only
  • Run vulnerable applications in sandboxed/containerized environments with limited privileges
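The following is an added example of the workaround and the sandboxing advice above; it is not code from the advisory or from the libarchive project. It pre-flights an untrusted archive by listing it (the tar reader parses every header while enumerating entries, so a crafted pax header crashes the child rather than the service) in a throw-away child process with CPU and memory caps and core dumps disabled. It assumes a POSIX host with bsdtar on PATH; the `tar_cmd` parameter, the limits and the returned strings are this example's own conventions.

```python
"""Added example (not from the advisory or libarchive): contain a parser crash by
listing untrusted archives in a resource-limited child process."""
import resource
import shutil
import subprocess

# Hypothetical caps for the child; tune to your workload.
CPU_SECONDS = 10
MEMORY_BYTES = 512 * 1024 * 1024


def _cap_soft_limit(res: int, want: int) -> None:
    """Lower only the soft limit, never above the existing hard limit."""
    _soft, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        want = min(want, hard)
    resource.setrlimit(res, (want, hard))


def _restrict_child() -> None:
    """Runs in the child between fork and exec: cap CPU and memory, no core files."""
    _cap_soft_limit(resource.RLIMIT_CPU, CPU_SECONDS)
    _cap_soft_limit(resource.RLIMIT_AS, MEMORY_BYTES)
    _cap_soft_limit(resource.RLIMIT_CORE, 0)


def classify_returncode(rc: int) -> str:
    """Map a child's exit status to ok / crash / rejected.
    subprocess reports death by signal as a negative code (-11 == SIGSEGV);
    a shell wrapper would instead report 128 + signal (139 for SIGSEGV)."""
    if rc == 0:
        return "ok"
    if rc < 0 or rc >= 128:
        return "crash"
    return "rejected"


def probe_archive(path: str, tar_cmd: str = "bsdtar", timeout: float = 30.0) -> str:
    """List (never extract) the archive in an isolated child and classify the outcome.
    A "crash" verdict means the parser died on this input: quarantine the file."""
    exe = shutil.which(tar_cmd)
    if exe is None:
        raise FileNotFoundError(f"{tar_cmd!r} not found on PATH")
    try:
        proc = subprocess.run(
            [exe, "-tf", path],
            stdin=subprocess.DEVNULL,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.PIPE,
            preexec_fn=_restrict_child,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    return classify_returncode(proc.returncode)


if __name__ == "__main__":
    import sys

    for archive in sys.argv[1:]:
        print(f"{archive}: {probe_archive(archive)}")
```

Only a verdict of "ok" should let the archive proceed to the real extraction step; "rejected" covers ordinary libarchive errors (truncated or corrupt input), while "crash" and "timeout" indicate input that must be quarantined and logged.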

🔍 How to Verify

Check if Vulnerable:

Check libarchive version: bsdtar --version or check library version with package manager (e.g., dpkg -l libarchive*).

Check Version:

bsdtar --version | grep libarchive || dpkg -l 'libarchive*' | grep '^ii' || rpm -qa | grep libarchive

(bsdtar prints a banner such as "bsdtar 3.7.4 - libarchive 3.7.4 zlib/1.3 ..."; the chain stops at the first command that produces a match, so run the package-manager queries separately if bsdtar is present but an application bundles its own libarchive.)

Verify Fix Applied:

Verify that the installed libarchive is 3.7.7 or later (or that the distribution package changelog records the CVE-2024-48615 backport), and that every archive-processing service has been restarted since the update. If you test with crafted archives from the PoC repository, do so only in an isolated environment; a fixed build reports a parse error instead of crashing.
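An added example (not the advisory's or libarchive's own code) that turns the version check above into a repeatable script: it parses the `bsdtar --version` banner and the dpkg/rpm package versions found on the host and compares them with the fix release this advisory names (3.7.7). The package names (libarchive13 on Debian/Ubuntu, libarchive on RPM-based systems), the FIXED_VERSION constant and the sample banner in the comments are assumptions for this example.

```python
"""Added example (not from the advisory or libarchive): report installed
libarchive versions and compare them with the fix release."""
import re
import shutil
import subprocess
from typing import Dict, Optional, Tuple

FIXED_VERSION = (3, 7, 7)  # fix release named in this advisory (assumption)

# `bsdtar --version` prints e.g. "bsdtar 3.7.4 - libarchive 3.7.4 zlib/1.3 ..."
_BANNER_RE = re.compile(r"libarchive (\d+)\.(\d+)\.(\d+)")
_DOTTED_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

Version = Optional[Tuple[int, int, int]]


def parse_libarchive_version(banner: str) -> Version:
    """Extract (major, minor, patch) from bsdtar's banner; None if absent."""
    m = _BANNER_RE.search(banner)
    return tuple(int(x) for x in m.groups()) if m else None  # type: ignore[return-value]


def parse_package_version(text: str) -> Version:
    """Extract the upstream x.y.z from a package version such as '3.7.4-1ubuntu1'
    or '3.7.2-3.el9'; distribution revision suffixes are ignored."""
    m = _DOTTED_RE.search(text)
    return tuple(int(x) for x in m.groups()) if m else None  # type: ignore[return-value]


def is_fixed(version: Version) -> bool:
    """True when version >= FIXED_VERSION. A False result means "check the package
    changelog": distributions may backport the fix without bumping the version."""
    return version is not None and version >= FIXED_VERSION


def _run(cmd) -> str:
    try:
        return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        return ""


def installed_libarchive_versions() -> Dict[str, Version]:
    """Probe the running host; keys name the source that answered."""
    found: Dict[str, Version] = {}
    if shutil.which("bsdtar"):
        found["bsdtar"] = parse_libarchive_version(_run(["bsdtar", "--version"]))
    if shutil.which("dpkg-query"):  # Debian/Ubuntu: libarchive13 or libarchive13t64
        out = _run(["dpkg-query", "-W", "-f=${Package} ${Version}\n", "libarchive13*"])
        for line in out.splitlines():
            name, _, ver = line.partition(" ")
            found[name] = parse_package_version(ver)
    if shutil.which("rpm"):  # Fedora/RHEL: package libarchive
        out = _run(["rpm", "-q", "--qf", "%{VERSION}\n", "libarchive"])
        if out and "not installed" not in out:
            found["rpm:libarchive"] = parse_package_version(out)
    return found


if __name__ == "__main__":
    for source, ver in installed_libarchive_versions().items():
        state = "fixed (>= 3.7.7)" if is_fixed(ver) else "NOT confirmed fixed"
        print(f"{source}: {ver} -> {state}")
```

The script only reports what the host's package metadata says; an application that bundles or statically links its own libarchive will not show up here and needs its own check (for example by running that application's version command or inspecting its binary).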

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults during tar processing
  • Unexpected process termination when handling archive files
  • On Linux, kernel messages of the form `name[pid]: segfault at 0 ip ... error 4 in libarchive.so...` (a fault at address 0 or another very low address is consistent with a NULL pointer dereference), and systemd-coredump notices for bsdtar or archive-handling workers

Network Indicators:

  • Unusual tar archive uploads to web applications
  • Multiple failed archive processing attempts

SIEM Query:

(process_name:bsdtar AND event_type:crash) OR (process_name:*archive* AND exit_code:139)

(Parenthesised so that AND binds before OR; adapt field names to your SIEM's schema. Exit code 139 is how shells report a child killed by SIGSEGV, 128 + 11.)
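An added example (not part of the advisory) of the detection logic behind the indicators above, run over constructed syslog-style lines: it matches the Linux kernel's user-space fault message, systemd-coredump notices for archive-handling processes, and application lines reporting exit status 139. The sample log lines, host names, PIDs, addresses, the process-name hints and the severity labels are all made up for this example.

```python
"""Added example (not from the advisory): flag log lines consistent with a
libarchive parser crash. Sample lines below are constructed, not captured."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Linux kernel fault message: "<comm>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <n> in <module>[...]"
KERNEL_SEGV_RE = re.compile(
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip [0-9a-f]+ sp [0-9a-f]+ error \d+ in (?P<module>[^\[\s]+)"
)
# systemd-coredump: "Process <pid> (<comm>) of user <uid> dumped core."
COREDUMP_RE = re.compile(r"Process (?P<pid>\d+) \((?P<proc>[^)]+)\) of user \d+ dumped core")
# Application/supervisor lines reporting a child that died with 128 + SIGSEGV.
EXIT139_RE = re.compile(r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: .*\b(?:exit(?:ed)?|status|code)\b.*\b139\b")

# Substrings marking a process or module as archive-related (assumption; extend for your workers).
ARCHIVE_HINTS = ("bsdtar", "archive", "extract", "unpack")
NULL_PAGE = 0x1000  # faults below the first page are consistent with a NULL dereference


@dataclass
class Finding:
    line_no: int
    proc: str
    pid: int
    reason: str
    severity: str


def _archive_related(*names: str) -> bool:
    return any(hint in name.lower() for name in names for hint in ARCHIVE_HINTS)


def analyse_line(line_no: int, line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious line, None otherwise."""
    m = KERNEL_SEGV_RE.search(line)
    if m:
        if not _archive_related(m["proc"], m["module"]):
            return None  # unrelated crash (browser, etc.)
        addr = int(m["addr"], 16)
        if addr < NULL_PAGE:
            return Finding(line_no, m["proc"], int(m["pid"]),
                           f"SIGSEGV at {addr:#x} in {m['module']} (NULL-deref pattern)", "high")
        return Finding(line_no, m["proc"], int(m["pid"]),
                       f"SIGSEGV at {addr:#x} in {m['module']}", "medium")
    m = COREDUMP_RE.search(line)
    if m and _archive_related(m["proc"]):
        return Finding(line_no, m["proc"], int(m["pid"]), "core dumped", "medium")
    m = EXIT139_RE.search(line)
    if m:
        return Finding(line_no, m["proc"], int(m["pid"]),
                       "child exited with status 139 (128+SIGSEGV)", "medium")
    return None


def scan(lines: List[str]) -> List[Finding]:
    return [f for f in (analyse_line(i, line) for i, line in enumerate(lines, 1)) if f]


# Constructed sample input: one NULL-deref crash in libarchive, its core dump, a
# supervisor reporting exit 139, an unrelated browser crash and ordinary noise.
SAMPLE_LOG = [
    "Jan 10 12:00:01 host kernel: bsdtar[4321]: segfault at 0 ip 00007f3a1c2b4e10 sp 00007ffd2a6c1b30 error 4 in libarchive.so.13.7.4[7f3a1c280000+a4000]",
    "Jan 10 12:00:02 host systemd-coredump[4330]: Process 4321 (bsdtar) of user 1000 dumped core.",
    "Jan 10 12:00:05 host uploadd[2201]: extract worker exited with status 139 for job 7731",
    "Jan 10 12:01:00 host kernel: firefox[5555]: segfault at 7f00deadbeef ip 00007f11aa22bb30 sp 00007ffc00112233 error 4 in libxul.so[7f11aa000000+6000000]",
    "Jan 10 12:01:10 host sshd[99]: Accepted publickey for alice from 10.0.0.5 port 52211 ssh2",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: [{f.severity}] {f.proc}[{f.pid}] {f.reason}")
```

Correlating the kernel fault (high) with a coredump or exit-139 line for the same PID a few seconds later gives a stronger signal than either alone; a fault address of exactly 0 inside libarchive.so is the pattern to expect from this bug, whereas faults at high addresses in other libraries are ordinary application crashes.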

🔗 References
