5

CVE-2013-0211

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibarchiveLibarchive SwPlatformx64 Version <= 3.1.2
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version14.10
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
FedoraprojectFedora Version17
FedoraprojectFedora Version18
FreebsdFreebsd Version9.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.93% 0.89
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101700.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101872.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101876.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:147
Third Party Advisory
http://www.securityfocus.com/bid/58926
http://www.securitytracker.com/id/1035995
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2549-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=902998
Patch
Issue Tracking
https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4
Patch
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:23.libarchive.asc
Third Party Advisory