5.5

CVE-2015-8934

Exploit
The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SuseLinux Enterprise Desktop Version12 Updatesp1
SuseLinux Enterprise Server Version12 Updatesp1
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionlts
LibarchiveLibarchive Version <= 3.1.901a
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.3% 0.811
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
https://security.gentoo.org/glsa/201701-03
http://rhn.redhat.com/errata/RHSA-2016-1844.html
http://www.openwall.com/lists/oss-security/2016/06/17/2
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/17/5
Third Party Advisory
Mailing List
https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
Third Party Advisory
http://www.debian.org/security/2016/dsa-3657
http://www.ubuntu.com/usn/USN-3033-1
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html
Third Party Advisory
http://www.securityfocus.com/bid/91409
https://github.com/libarchive/libarchive/issues/521
Patch
Third Party Advisory
Exploit
Issue Tracking