Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-5418

Опубликовано: 21 сент. 2016
Источник: debian
EPSS Низкий

Описание

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libarchivefixed3.2.1-4package

Примечания

  • Centos patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3

  • Centos additional patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3

  • Fixed by (for #744): https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a

  • Fixed by (for #745 and #746): https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9

  • https://bugzilla.redhat.com/show_bug.cgi?id=1362601, relates to upstream bugs #744, #745 and #746

  • https://github.com/libarchive/libarchive/issues/743 (umbrella report)

  • https://github.com/libarchive/libarchive/issues/744

  • https://github.com/libarchive/libarchive/issues/745

  • https://github.com/libarchive/libarchive/issues/746

  • Testcase: https://github.com/libarchive/libarchive/commit/063ea3ea3fcb569a380b2ebe9c9ddd8bd6ce0d49

  • Fix for testcase: https://github.com/libarchive/libarchive/commit/50952acd22df3326c49771f5e5ba48630899468c

EPSS

Процентиль: 90%
0.05224
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-5418

CVSS3: 7.5
ubuntu
почти 9 лет назад

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

redhat логотип

CVE-2016-5418

CVSS3: 7.5
redhat
почти 9 лет назад

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

nvd логотип

CVE-2016-5418

CVSS3: 7.5
nvd
почти 9 лет назад

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

github логотип

GHSA-88p3-99rj-qvrx

CVSS3: 7.5
github
около 3 лет назад

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

suse-cvrf логотип

openSUSE-SU-2016:3005-1

suse-cvrf
больше 8 лет назад

Security update for libarchive

EPSS

Процентиль: 90%
0.05224
Низкий