Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-4300

Опубликовано: 21 сент. 2016
Источник: nvd
CVSS3: 7.8
CVSS2: 6.8
EPSS Низкий

Описание

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*
Версия до 3.2.0 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 82%
0.0177
Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2016-4300

CVSS3: 7.8
ubuntu
около 9 лет назад

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

redhat логотип

CVE-2016-4300

CVSS3: 8.4
redhat
больше 9 лет назад

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

debian логотип

CVE-2016-4300

CVSS3: 7.8
debian
около 9 лет назад

Integer overflow in the read_SubStreamsInfo function in archive_read_s ...

github логотип

GHSA-6qg7-x2gx-6jfr

CVSS3: 7.8
github
больше 3 лет назад

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

suse-cvrf логотип

openSUSE-SU-2016:2036-1

suse-cvrf
около 9 лет назад

Security update for libarchive

EPSS

Процентиль: 82%
0.0177
Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190