CVE-2016-1541 – libarchive: zip_read_mac_metadata() heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2016-1541
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. Desbordamiento de buffer basado en memoria dinámica en la función zip_read_mac_metadata en archive_read_support_format_zip.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos ejecutar código arbitrario a través de valores entry-size manipulados en un archivo ZIP. A vulnerability was found in libarchive. A specially crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the application. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00003.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00090.html http://rhn.redhat.com/errata/RHSA-2016-1844.html http://www.debian.org/security/2016/dsa-3574 http://www.kb.cert.org/vuls/id/862384 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/89355 http://www.slackware.com • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow •
CVE-2015-2304
https://notcve.org/view.php?id=CVE-2015-2304
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. Vulnerabilidad de recorrido de directorio absoluto en bsdcpio en libarchive 3.1.2 y anteriores permite a atacantes remotos escribir archivos arbitrarios a través de un nombre completo de ruta en un archivo. • http://advisories.mageia.org/MGASA-2015-0106.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html http://www.debian.org/security/2015/dsa-3180 http://www.mandriva.com/security/advisories?name=MDVSA-2015:157 http://www.openwall.com/lists/oss-security/2015/01/07/5 http://www.openwall.com/lists/oss-security/2015/01/16/7 http://www.securitytracker.com/id/1035996 http://www.ubuntu.com/usn/USN-2549-1 https://github.com/libarchive/libarchive/commit/593571 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-0211
https://notcve.org/view.php?id=CVE-2013-0211
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. Error de signo de enteros en la función archive_write_zip_data de archive_write_set_format_zip.c en la versión 3.1.2 y anteriores, cuando se ejecuta en equipos de 64 bits, permite a atacantes dependientes del contexto causar una denegación del servicio (caída) a través de vectores sin especificar, que desencadena en una conversión incorrecta entre tipos con signo y sin signo, dando lugar a un desbordamiento de búfer. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101700.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101872.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101876.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:147 http://www.securityfocus.com/bid/58926 http://www.securi • CWE-189: Numeric Errors •
CVE-2011-1778 – Libarchive multiple security issues
https://notcve.org/view.php?id=CVE-2011-1778
Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive. Desbordamiento de búfer en libarchive hasta v2.8.5, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución de código a través de un fichero TAR manipulado. • http://code.google.com/p/libarchive/source/detail?r=3160 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://secunia.com/advisories/48034 http://support.apple.com/kb/HT5281 http://www.debian.org/security/2012/dsa-2413 https://bugzilla.redhat.com/show_bug.cgi?id=705849 https://rhn.redhat.com/errata/RHSA-2011-1507.html https://access.redhat.com/security/cve/CVE-2011-1778 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1777 – Libarchive multiple security issues
https://notcve.org/view.php?id=CVE-2011-1777
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image. Múltiples desbordamientos de búfer en las funciones (1) heap_add_entry y (2) relocate_dir en archive_read_support_format_iso9660.c en libarchive hasta v2.8.5, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución de código de su elección a través de una imagen ISO9660 manipulada. • http://code.google.com/p/libarchive/source/detail?r=3158 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://secunia.com/advisories/48034 http://support.apple.com/kb/HT5281 http://www.debian.org/security/2012/dsa-2413 https://bugzilla.redhat.com/show_bug.cgi?id=705849 https://rhn.redhat.com/errata/RHSA-2011-1507.html https://access.redhat.com/security/cve/CVE-2011-1777 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •