Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-4300

Опубликовано: 21 сент. 2016
Источник: debian

Описание

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libarchivefixed3.2.1-1package

Примечания

  • http://blog.talosintel.com/2016/06/the-poisoned-archives.html

  • http://www.talosintel.com/reports/TALOS-2016-0152/

  • https://github.com/libarchive/libarchive/issues/718

  • Requirement: https://github.com/libarchive/libarchive/commit/3d469df8eaace8297a27ce62befa295c0fdc5a3a

  • Fixed by: https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573 (v3.2.1)

  • Notice introduction of UMAX_ENTRY with 3d469df8eaace8297a27ce62befa295c0fdc5a3a

  • Libarchive 3.1.2 and lower has a much smaller "UMAX_ENTRY", which is hardcoded

  • in various places before 3d469df8eaace8297a27ce62befa295c0fdc5a3a and has value

  • 1000000, making exploitation more difficult but not impossible.

Связанные уязвимости

ubuntu логотип

CVE-2016-4300

CVSS3: 7.8
ubuntu
почти 9 лет назад

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

redhat логотип

CVE-2016-4300

CVSS3: 8.4
redhat
около 9 лет назад

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

nvd логотип

CVE-2016-4300

CVSS3: 7.8
nvd
почти 9 лет назад

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

github логотип

GHSA-6qg7-x2gx-6jfr

CVSS3: 7.8
github
около 3 лет назад

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

suse-cvrf логотип

openSUSE-SU-2016:2036-1

suse-cvrf
около 9 лет назад

Security update for libarchive