CVE-2015-8928

Опубликовано: 17 июн. 2016

Источник: redhat

CVSS3: 3.7

CVSS2: 3.5

EPSS Низкий

Описание

The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

A vulnerability was found in libarchive. A specially crafted MTREE file could cause a limited out-of-bounds read, potentially disclosing contents of application memory.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	libarchive	Not affected
Red Hat Enterprise Linux 7	libarchive	Fixed	RHSA-2016:1844	12.09.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-228->CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1348429libarchive: Heap out of bounds read in mtree parser

EPSS

Процентиль: 53%

0.00295

Низкий

3.7 Low

CVSS3

3.5 Low

CVSS2

Связанные уязвимости

CVE-2015-8928

CVSS3: 5.5

ubuntu

около 9 лет назад

The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

CVE-2015-8928

CVSS3: 5.5

nvd

около 9 лет назад

The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

CVE-2015-8928

CVSS3: 5.5

debian

около 9 лет назад

The process_add_entry function in archive_read_support_format_mtree.c ...

GHSA-3cfr-mv5q-x2vc

CVSS3: 5.5

github

больше 3 лет назад

The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

openSUSE-SU-2016:2036-1

suse-cvrf

около 9 лет назад

Security update for libarchive

EPSS

Процентиль: 53%

0.00295

Низкий

3.7 Low

CVSS3

3.5 Low

CVSS2