PT-2016-5880 · Libarchive+5 · Libarchive+5

Andrej Nemec

·

Published

2016-06-23

·

Updated

2024-06-15

·

CVE-2016-4300

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions libarchive versions prior to 3.2.1
Description The issue is caused by an integer overflow in the read SubStreamsInfo function, which can be triggered by a 7zip file containing a large number of substreams. This leads to a heap-based buffer overflow, potentially allowing remote attackers to execute arbitrary code.
Recommendations For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of 7zip files with a large number of substreams until the update is applied. Restrict access to the read SubStreamsInfo function in archive read support format 7zip.c to minimize the risk of exploitation.

Exploit

Fix

RCE

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2016-1654
CESA-2016_1844
CVE-2016-4300
DLA-554-1
DSA-3657-1
MGASA-2016-0239
OPENSUSE-SU-2016_2036-1
OPENSUSE-SU-2024:10127-1
RHSA-2016:1844
RHSA-2016_1844
SUSE-SU-2016:1909-1
USN-3033-1

Affected Products

Alt Linux
Centos
Red Hat
Suse
Ubuntu
Libarchive