CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 2CVE-2016-4301 – Gentoo Linux Security Advisory 201701-03
https://notcve.org/view.php?id=CVE-2016-4301
21 Sep 2016 — Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file. Desbordamiento de búfer basado en pila en la función parse_device en archive_read_support_format_mtree.c en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos ejecutar código arbitrario a través de un archivo mtree manipulado. Multiple vulnerabilities have been found in libarchive, the worst ... • http://blog.talosintel.com/2016/06/the-poisoned-archives.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-8927 – Gentoo Linux Security Advisory 201701-03
https://notcve.org/view.php?id=CVE-2015-8927
20 Sep 2016 — The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password. La función trad_enc_decrypt_update en archive_read_support_format_zip.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de rango y caída) a través de un archivo zip man... • http://www.openwall.com/lists/oss-security/2016/06/17/2 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 8%CPEs: 4EXPL: 0CVE-2015-8918 – Gentoo Linux Security Advisory 201701-03
https://notcve.org/view.php?id=CVE-2015-8918
20 Sep 2016 — The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." La función archive_string_append en archive_string.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo cab manipulado, relacionado con "superposición de memcpy". Multiple vulnerabilities have been found in libarchive, th... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2015-8929 – Gentoo Linux Security Advisory 201701-03
https://notcve.org/view.php?id=CVE-2015-8929
20 Sep 2016 — Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. Fuga de memoria en la función __archive_read_get_extract en archive_read_extract2.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio a través de un archivo tar manipulado. Multiple vulnerabilities have been found in libarchive, the worst of which allows for the remote exec... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 2CVE-2015-8915 – Gentoo Linux Security Advisory 201701-03
https://notcve.org/view.php?id=CVE-2015-8915
20 Sep 2016 — bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file. bsdcpio en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura no válida y caída) a través de un archivo cpio manipulado. Multiple vulnerabilities have been found in libarchive, the worst of which allows for the remote execution of arbitrary code. Versions less than 3.2.2 are affected. • http://www.openwall.com/lists/oss-security/2016/06/17/2 • CWE-125: Out-of-bounds Read •
CVSS: 8.6EPSS: 1%CPEs: 2EXPL: 0CVE-2016-6250 – libarchive: Buffer overflow when writing large iso9660 containers
https://notcve.org/view.php?id=CVE-2016-6250
12 Sep 2016 — Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow. Desbordamiento de entero en el escritor ISO9660 en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o ejecutar código arbitrario a través de vectores r... • http://rhn.redhat.com/errata/RHSA-2016-1844.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 1%CPEs: 14EXPL: 0CVE-2016-7166 – libarchive: Denial of service using a crafted gzip file
https://notcve.org/view.php?id=CVE-2016-7166
12 Sep 2016 — libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. libarchive en versiones anteriores a 3.2.0 no limita el número de descompresiones recursivas, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída de aplicación) a través de un archivo gzip manipulado. A vulnerability was found in libarchive. A specially craft... • http://rhn.redhat.com/errata/RHSA-2016-1844.html • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 3CVE-2016-5418 – libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
https://notcve.org/view.php?id=CVE-2016-5418
12 Sep 2016 — The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. El código sandboxing en libarchive 3.2.0 y versiones anteriores no maneja adecuadamente entradas de archivo de vínculo físico de datos de tamaño distinto de cero, lo que podría permitir a atacantes remotos escribir a archivos arbitrarios a través de un archivo manipulado. A flaw was found in the way libarchiv... • http://rhn.redhat.com/errata/RHSA-2016-1844.html • CWE-19: Data Processing Errors CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 4%CPEs: 8EXPL: 0CVE-2015-8930 – libarchive: Endless loop in ISO parser
https://notcve.org/view.php?id=CVE-2015-8930
14 Jul 2016 — bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. bsdtar en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una ISO con un directorio que es miembro de si mismo. A vulnerability was found in libarchive. A specially crafted ISO file could cause the application to consume resources until it hit a memory limit, leadi... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 7%CPEs: 8EXPL: 0CVE-2015-8921 – libarchive: Global out of bounds read in mtree parser
https://notcve.org/view.php?id=CVE-2015-8921
14 Jul 2016 — The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. La función ae_strtofflags en archive_entry.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo mtree manipulado. A vulnerability was found in libarchive. A specially crafted mtree file could cause libarchive to read beyond a sta... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •