CVE-2019-11463
https://notcve.org/view.php?id=CVE-2019-11463
A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. Una pérdida de memoria en la función archive_read_format_zip_cleanup en el archivo archive_read_support_format_zip.c en libarchive 3.3.4-dev permite a los atacantes remotos provocar una Denegación de Servicio a través de un archivo ZIP creado debido a un error tipográfico HAVE_LZMA_H. NOTA: esto solo impacta a los usuarios que descargaron el código de desarrollo de GitHub. • https://access.redhat.com/security/cve/cve-2019-11463 https://github.com/libarchive/libarchive/commit/ba641f73f3d758d9032b3f0e5597a9c6e593a505 https://github.com/libarchive/libarchive/issues/1165 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-1000020 – libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting in denial of service
https://notcve.org/view.php?id=CVE-2019-1000020
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. libarchive, en versiones desde el commit con ID 5a98dcf8a86364b3c2c469c85b93647dfb139961 (desde la versión v2.8.0) contiene una vulnerabilidad CWE-835: bucle con condición de salida inalcanzable (bucle infinito) en el analizador ISO9660, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() que puede resultar en una denegación de servicio (DoS) por bucle infinito. El ataque parece ser explotable si una víctima abre un archivo ISO9660 especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html https://access.redhat.com/errata/RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:3698 https://github.com/libarchive/libarchive/pull/1120 https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423 https://lists.debian.org/debian-lts-anno • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2016-4301
https://notcve.org/view.php?id=CVE-2016-4301
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file. Desbordamiento de búfer basado en pila en la función parse_device en archive_read_support_format_mtree.c en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos ejecutar código arbitrario a través de un archivo mtree manipulado. • http://blog.talosintel.com/2016/06/the-poisoned-archives.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91328 http://www.talosintel.com/reports/TALOS-2016-0153 https://bugzilla.redhat.com/show_bug.cgi?id=1348441 https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77 https://github.com/libarchive/libarchive/issues/715 https://security.gentoo.org/glsa/201701-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-8915
https://notcve.org/view.php?id=CVE-2015-8915
bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file. bsdcpio en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura no válida y caída) a través de un archivo cpio manipulado. • http://www.openwall.com/lists/oss-security/2016/06/17/2 http://www.openwall.com/lists/oss-security/2016/06/17/5 http://www.securityfocus.com/bid/91298 https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html https://github.com/libarchive/libarchive/issues/503 https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html https://security.gentoo.org/glsa/201701-03 • CWE-125: Out-of-bounds Read •
CVE-2015-8929
https://notcve.org/view.php?id=CVE-2015-8929
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. Fuga de memoria en la función __archive_read_get_extract en archive_read_extract2.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio a través de un archivo tar manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html http://www.openwall.com/lists/oss-security/2016/06/17/2 http://www.openwall.com/lists/oss-security/2016/06/17/5 http://www.securityfocus.com/bid/91340 https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html https://github.com/libarchive/libarchive/issues/517 https://security.gentoo.org/glsa/201701-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •