CVE-2015-8920

Опубликовано: 17 июн. 2016

Источник: redhat

CVSS3: 3.7

CVSS2: 3.5

EPSS Низкий

Описание

The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

A vulnerability was found in libarchive. A specially crafted AR archive could cause the application to read a single byte of application memory, potentially disclosing it to the attacker.

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-228->CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1348416libarchive: Stack out of bounds read in ar parser

EPSS

Процентиль: 65%

0.00483

Низкий

3.7 Low

CVSS3

3.5 Low

CVSS2

Связанные уязвимости

CVE-2015-8920

CVSS3: 5.5

ubuntu

около 9 лет назад

The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

CVE-2015-8920

CVSS3: 5.5

nvd

около 9 лет назад

The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

CVE-2015-8920

CVSS3: 5.5

debian

около 9 лет назад

The _ar_read_header function in archive_read_support_format_ar.c in li ...

GHSA-f3p9-58ff-r365

CVSS3: 5.5

github

больше 3 лет назад

The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

SUSE-SU-2016:1939-1

suse-cvrf

больше 9 лет назад

Security update for bsdtar

EPSS

Процентиль: 65%

0.00483

Низкий

3.7 Low

CVSS3

3.5 Low

CVSS2