CVE-2015-8921 – libarchive: Global out of bounds read in mtree parser
https://notcve.org/view.php?id=CVE-2015-8921
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. La función ae_strtofflags en archive_entry.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo mtree manipulado. A vulnerability was found in libarchive. A specially crafted mtree file could cause libarchive to read beyond a statically declared structure, potentially disclosing application memory. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.debian.org/security/2016/dsa-3657 http://www.openwall.com/lists/oss-security/2016/06/17/2 http://www.openwall.com/lists/oss-security/2016/06/17/5 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91307 http://www.ubuntu. • CWE-125: Out-of-bounds Read •
CVE-2016-4302 – libarchive: Heap buffer overflow in the Rar decompression functionality
https://notcve.org/view.php?id=CVE-2016-4302
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary. Desbordamiento de búfer basado en memoria dinámica en la función parse_codes en archive_read_support_format_rar.c en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos ejecutar código arbitrario a través de un archivo RAR con un diccionario de tamaño cero. A vulnerability was found in libarchive's handling of RAR archives. A specially crafted RAR file can cause a heap overflow, potentially leading to code execution in the context of the application. • http://blog.talosintel.com/2016/06/the-poisoned-archives.html http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1348444 http://rhn.redhat.com/errata/RHSA-2016-1844.html http://www.debian.org/security/2016/dsa-3657 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91331 http://www.talosintel.com/reports/TALOS-2016-0154 https://github.com/liba • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2016-4809 – libarchive: Memory allocate error with symbolic links in cpio archives
https://notcve.org/view.php?id=CVE-2016-4809
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. La función archive_read_format_cpio_read_header en archive_read_support_format_cpio.c en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos provocar denegación de servicio (caída de aplicación) a través de un archivo CPIO con un enlace simbólico grande. A vulnerability was found in libarchive. A specially crafted cpio archive containing a symbolic link to a ridiculously large target path can cause memory allocation to fail, resulting in any attempt to view or extract the archive crashing. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.debian.org/security/2016/dsa-3657 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91813 https://bugzilla.redhat.com/show_bug.cgi?id=1347084 https://github.com/libarchive/libarchive/commit/fd7e0c02 https://github.com/libarchive/libarchive/issues/705 https://security.gentoo.org/glsa/201701-03 https://access • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2015-8931 – libarchive: Undefined behavior (signed integer overflow) in mtree parser
https://notcve.org/view.php?id=CVE-2015-8931
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. Múltiples desbordamientos de entero en las funciones (1) get_time_t_max y (2) get_time_t_min en archive_read_support_format_mtree.c en libarchive en versiones anteriores a 3.2.0 permiten a atacantes remotos tener impacto no especificado a través de un archivo mtree manipulado, lo que desencadena un comportamiento no definido. Undefined behavior (signed integer overflow) was discovered in libarchive, in the MTREE parser's calculation of maximum and minimum dates. A crafted mtree file could potentially cause denial of service. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html http://rhn.redhat.com/errata/RHSA-2016-1844.html http://www.debian.org/security/2016/dsa-3657 http://www.openwall.com/lists/oss-security/2016/06/17/2 http://www.openwall.com/lists/oss-security/2016/06/17/5 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91338 http://www.ubuntu.com/usn/USN-3033-1 https://blog.fuzzing-project. • CWE-190: Integer Overflow or Wraparound •
CVE-2016-4300 – libarchive: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo
https://notcve.org/view.php?id=CVE-2016-4300
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función read_SubStreamsInfo en archive_read_support_format_7zip.c en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos ejecutar código arbitrario a través de un archivo 7zip con un gran número de subcorrientes, lo que desencadena un desbordamiento de búfer basado en memoria dinámica. A vulnerability was found in libarchive's handling of 7zip data. A specially crafted 7zip file can cause a integer overflow resulting in memory corruption that can lead to code execution. • http://blog.talosintel.com/2016/06/the-poisoned-archives.html http://rhn.redhat.com/errata/RHSA-2016-1844.html http://www.debian.org/security/2016/dsa-3657 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91326 http://www.talosintel.com/reports/TALOS-2016-0152 https://bugzilla.redhat.com/show_bug.cgi?id=1348439 https://github.com/libarchive/l • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •