CVE-2015-8933
Low
CVSS Score
Vulnerability Description
Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.
Known Affected Software
7 configuration(s) from 2 vendor(s)
- ubuntu_linux, Version: 14.04, CPE: cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- ubuntu_linux, Version: 16.04, CPE: cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*
- ubuntu_linux, Version: 15.10, CPE: cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- ubuntu_linux, Version: 12.04, CPE: cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- linux_enterprise_server, Version: 12, CPE: cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:*
- linux_enterprise_desktop, Version: 12, CPE: cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*
- linux_enterprise_software_development_kit, Version: 12, CPE: cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
This vulnerability affects 7 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html (source: cve@mitre.org; Third Party Advisory)
- http://www.debian.org/security/2016/dsa-3657 (source: cve@mitre.org)
- http://www.openwall.com/lists/oss-security/2016/06/17/2 (source: cve@mitre.org; Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2016/06/17/5 (source: cve@mitre.org; Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/91421 (source: cve@mitre.org)
- http://www.ubuntu.com/usn/USN-3033-1 (source: cve@mitre.org; Third Party Advisory)
- https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html (source: cve@mitre.org; Third Party Advisory)
- https://github.com/libarchive/libarchive/issues/548 (source: cve@mitre.org; Exploit, Issue Tracking, Patch, Third Party Advisory)
- https://security.gentoo.org/glsa/201701-03 (source: cve@mitre.org)
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-190
Top 25 #22
Integer Overflow or Wraparound
- Description: The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value…
- Exploit Likelihood: Medium
- Typical Severity: High
- Abstraction Level: Base
Key Information
- Published Date: September 20, 2016
