5.5

CVE-2015-8926

Exploit
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionlts
SuseLinux Enterprise Desktop Version12 Updatesp1
SuseLinux Enterprise Server Version12 Updatesp1
LibarchiveLibarchive Version <= 3.1.901a
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2% 0.782
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
https://security.gentoo.org/glsa/201701-03
http://rhn.redhat.com/errata/RHSA-2016-1844.html
http://www.openwall.com/lists/oss-security/2016/06/17/2
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/17/5
Third Party Advisory
Mailing List
https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
Third Party Advisory
http://www.debian.org/security/2016/dsa-3657
http://www.ubuntu.com/usn/USN-3033-1
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html
Third Party Advisory
http://www.securityfocus.com/bid/91304
https://github.com/libarchive/libarchive/issues/518
Third Party Advisory
Exploit
Issue Tracking