CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1000877 – libarchive: Double free in RAR decoder resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-1000877
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. libarchive, con el commit con ID 416694915449219d505531b1096384f3237dd6cc y siguientes (desde la v3.1.0) contiene una vulnerabilidad CWE-415: doble liberación (double free) en el descodificador RAR; libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) con new_size = 0, lo que puede resultar en un cierre inesperado/denegación de servicio (DoS). El ataque parece ser explotable si una víctima abre un archivo RAR especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html http://www.securityfocus.com/bid/106324 https://access.redhat.com/errata/RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:3698 https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909 https://github.com/libarchive/libarchive/pull/1105 https://gith • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-1000878 – libarchive: Use after free in RAR decoder resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-1000878
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. libarchive, con el commit con ID 416694915449219d505531b1096384f3237dd6cc y siguientes (desde la v3.1.0) contiene una vulnerabilidad CWE-416: uso de memoria previamente liberada en el descodificador RAR (libarchive/archive_read_support_format_rar.c) que puede resultar en un cierre inesperado/denegación de servicio. Se desconoce si se puede ejecutar código de forma remota. El ataque parece ser explotable si una víctima abre un archivo RAR especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html http://www.securityfocus.com/bid/106324 https://access.redhat.com/errata/RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:3698 https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909 https://github.com/libarchive/libarchive/pull/1105 https://gith • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8688
https://notcve.org/view.php?id=CVE-2016-8688
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. El licitador mtree en libarchive 3.2.1 no realiza un seguimiento de los tamaños de línea cuando amplía la lectura anticipada, lo que permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo manipulado, lo que desencadena una lectura inválida en la función (1) detect_form o (2) bid_entry en libarchive/archive_read_support_format_mtree.c. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html http://www.openwall.com/lists/oss-security/2016/10/16/11 http://www.securityfocus.com/bid/93781 https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-bid_entry-archive_read_support_format_mtree-c https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdt • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2016-8689
https://notcve.org/view.php?id=CVE-2016-8689
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive. La función read_Header en archive_read_support_format_7zip.c en libarchive 3.2.1 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de múltiples atributos EmptyStream en una cabecera en un archivo 7zip. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html http://www.openwall.com/lists/oss-security/2016/10/16/11 http://www.securityfocus.com/bid/93781 https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-read_header-archive_read_support_format_7zip-c https://bugzilla.redhat.com/show_bug.cgi?id=1377925 https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126 https://lists.debian.org/debian-lts-announce/2018/11/msg00037.ht • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2016-8687
https://notcve.org/view.php?id=CVE-2016-8687
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. Desbordamiento de búfer basado en pila en la función safe_fprintf en tar/util.c en libarchive 3.2.1 permite a atacantes remotos provocar una denegación de servicio a través de un carácter multibyte manipulado no imprimible en un nombre de archivo. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html http://www.openwall.com/lists/oss-security/2016/10/16/11 http://www.securityfocus.com/bid/93781 http://www.securitytracker.com/id/1037668 https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c https://bugzilla.redhat.com/show_bug.cgi?id=1377926 https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a https://lists.debian.org/debian-lts-a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •