Description
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libarchive | fixed | 3.2.1-1 | | package |
| libarchive | not-affected | | jessie | package |
| libarchive | not-affected | | wheezy | package |
Notes
http://blog.talosintel.com/2016/06/the-poisoned-archives.html
http://www.talosintel.com/reports/TALOS-2016-0153/
https://github.com/libarchive/libarchive/pull/715
Fixed by: https://github.com/libarchive/libarchive/commit/ecdac4d50db0cf5a0c630ba077729aaa6c5a2dd2