5.5

CVE-2015-8925

Exploit
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionlts
LibarchiveLibarchive Version <= 3.1.901a
SuseLinux Enterprise Desktop Version12 Updatesp1
SuseLinux Enterprise Server Version12 Updatesp1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.06% 0.789
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
https://security.gentoo.org/glsa/201701-03
http://rhn.redhat.com/errata/RHSA-2016-1844.html
http://www.openwall.com/lists/oss-security/2016/06/17/2
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/17/5
Third Party Advisory
Mailing List
https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
Third Party Advisory
http://www.debian.org/security/2016/dsa-3657
http://www.ubuntu.com/usn/USN-3033-1
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html
Third Party Advisory
http://www.securityfocus.com/bid/91306
https://github.com/libarchive/libarchive/issues/516
Third Party Advisory
Exploit
Issue Tracking