CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2016-4809 – libarchive: Memory allocate error with symbolic links in cpio archives
https://notcve.org/view.php?id=CVE-2016-4809
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. La función archive_read_format_cpio_read_header en archive_read_support_format_cpio.c en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos provocar denegación de servicio (caída de aplicación) a través de un archivo CPIO con un enlace simbólico grande. A vulnerability was found in libarchive. A specially crafted cpio archive containing a symbolic link to a ridiculously large target path can cause memory allocation to fail, resulting in any attempt to view or extract the archive crashing. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.debian.org/security/2016/dsa-3657 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91813 https://bugzilla.redhat.com/show_bug.cgi?id=1347084 https://github.com/libarchive/libarchive/commit/fd7e0c02 https://github.com/libarchive/libarchive/issues/705 https://security.gentoo.org/glsa/201701-03 https://access • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.4EPSS: 1%CPEs: 8EXPL: 2CVE-2016-4300 – libarchive: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo
https://notcve.org/view.php?id=CVE-2016-4300
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función read_SubStreamsInfo en archive_read_support_format_7zip.c en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos ejecutar código arbitrario a través de un archivo 7zip con un gran número de subcorrientes, lo que desencadena un desbordamiento de búfer basado en memoria dinámica. A vulnerability was found in libarchive's handling of 7zip data. A specially crafted 7zip file can cause a integer overflow resulting in memory corruption that can lead to code execution. • http://blog.talosintel.com/2016/06/the-poisoned-archives.html http://rhn.redhat.com/errata/RHSA-2016-1844.html http://www.debian.org/security/2016/dsa-3657 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91326 http://www.talosintel.com/reports/TALOS-2016-0152 https://bugzilla.redhat.com/show_bug.cgi?id=1348439 https://github.com/libarchive/l • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 2CVE-2016-4302 – libarchive: Heap buffer overflow in the Rar decompression functionality
https://notcve.org/view.php?id=CVE-2016-4302
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary. Desbordamiento de búfer basado en memoria dinámica en la función parse_codes en archive_read_support_format_rar.c en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos ejecutar código arbitrario a través de un archivo RAR con un diccionario de tamaño cero. A vulnerability was found in libarchive's handling of RAR archives. A specially crafted RAR file can cause a heap overflow, potentially leading to code execution in the context of the application. • http://blog.talosintel.com/2016/06/the-poisoned-archives.html http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1348444 http://rhn.redhat.com/errata/RHSA-2016-1844.html http://www.debian.org/security/2016/dsa-3657 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91331 http://www.talosintel.com/reports/TALOS-2016-0154 https://github.com/liba • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2016-4470 – kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
https://notcve.org/view.php?id=CVE-2016-4470
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. La función key_reject_and_link en security/keys/key.c en el kernel de Linux hasta la versión 4.6.3 no asegura que cierta estructura de datos esté inicializada, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de vectores involucrando un comando keyctl request2 manipulado. A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html http://lists.opensuse.org • CWE-253: Incorrect Check of Function Return Value •
CVSS: 7.1EPSS: 0%CPEs: 19EXPL: 0CVE-2016-2150 – spice: Host memory access from guest with invalid primary surface parameters
https://notcve.org/view.php?id=CVE-2016-2150
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. SPICE permite a usuarios invitados locales del sistema operativo leer de o escribir a localizaciones de memoria de acogidas arbitrarias a través de parámetros de superficie primaria manipulados, un problema similar a CVE-2015-5261. A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html http://www.debian.org/security/2016/dsa-3596 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.ubuntu.com/usn/USN-3014-1 https://access.redhat.com/errata/RHSA-2016:1204 https://access.redhat.com/errata/RHSA-2016:1205 https://bugzilla.redhat.com/show_bug.cgi?id=1313496 https://security.gentoo.org/glsa/201606& • CWE-284: Improper Access Control •