CVE-2016-7166
Low
CVSS Score
Vulnerability Description
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
Known Affected Software
13 configuration(s) from 2 vendor(s)
- linux, Version: 7, CPE: cpe:2.3:o:oracle:linux:7:8:*:*:*:*:*:*
- linux, Version: 6, CPE: cpe:2.3:o:oracle:linux:6:10:*:*:*:*:*:*
- enterprise_linux_workstation, Version: 7.0, CPE: cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:x64:*
- enterprise_linux_server, Version: 6.0, CPE: cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*
- enterprise_linux_hpc_node, Version: 7.0, CPE: cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- enterprise_linux_hpc_node, Version: 6.0, CPE: cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
- enterprise_linux_server, Version: 7.0, CPE: cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:x64:*
- enterprise_linux_hpc_node_eus, Version: 7.2, CPE: cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
- enterprise_linux_desktop, Version: 7.0, CPE: cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:x64:*
- enterprise_linux_server_aus, Version: 7.2, CPE: cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- enterprise_linux_desktop, Version: 6.0, CPE: cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*
- enterprise_linux_server_eus, Version: 7.2, CPE: cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
- enterprise_linux_workstation, Version: 6.0, CPE: cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x86:*
This vulnerability affects 13 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://rhn.redhat.com/errata/RHSA-2016-1844.html (cve@mitre.org) Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-1850.html (cve@mitre.org) Third Party Advisory
- http://www.openwall.com/lists/oss-security/2016/09/08/15 (cve@mitre.org) Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2016/09/08/18 (cve@mitre.org) Mailing List, Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html (cve@mitre.org) Third Party Advisory
- http://www.securityfocus.com/bid/92901 (cve@mitre.org) Third Party Advisory
- https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362 (cve@mitre.org) Issue Tracking
- https://bugzilla.redhat.com/show_bug.cgi?id=1347086 (cve@mitre.org) Issue Tracking
- https://github.com/libarchive/libarchive/commit/6e06b1c89dd0d16f74894eac4cfc1327a06ee4a0 (cve@mitre.org) Issue Tracking, Patch
- https://github.com/libarchive/libarchive/issues/660 (cve@mitre.org) Issue Tracking, Patch, Third Party Advisory
- https://security.gentoo.org/glsa/201701-03 (cve@mitre.org)
Severity Details
out of 10.0
Low
Key Information
- Published Date: September 21, 2016
