PT-2015-7835 · Libarchive+5 · Libarchive+5

Hanno Böck

·

Publicado

2015-12-31

·

Atualizado

2023-09-12

·

CVE-2015-8922

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions libarchive versions prior to 3.2.0
Description The issue allows remote attackers to cause a denial of service, resulting in a crash, by providing a crafted 7z file. This is related to the 7z folder struct in the archive read support format 7zip.c file, specifically affecting the read CodersInfo function.
Recommendations For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted 7z files that could trigger the denial of service.

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2016-1654
CESA-2016_1844
CVE-2015-8922
DLA-554-1
DSA-3657-1
OPENSUSE-SU-2016_2036-1
RHSA-2016:1844
RHSA-2016_1844
SUSE-SU-2016:1909-1
USN-3033-1

Produtos afetados

Alt Linux
Centos
Red Hat
Suse
Ubuntu
Libarchive