CVE-2015-8930

Опубликовано: 17 июн. 2016

Источник: redhat

CVSS3: 3.7

CVSS2: 3.5

EPSS Низкий

Описание

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

A vulnerability was found in libarchive. A specially crafted ISO file could cause the application to consume resources until it hit a memory limit, leading to a crash or denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	libarchive	Not affected
Red Hat Enterprise Linux 7	libarchive	Fixed	RHSA-2016:1844	12.09.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-228->CWE-835

https://bugzilla.redhat.com/show_bug.cgi?id=1349204libarchive: Endless loop in ISO parser

EPSS

Процентиль: 89%

0.04803

Низкий

3.7 Low

CVSS3

3.5 Low

CVSS2

Связанные уязвимости

CVE-2015-8930

CVSS3: 7.5

ubuntu

почти 9 лет назад

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

CVE-2015-8930

CVSS3: 7.5

nvd

почти 9 лет назад

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

CVE-2015-8930

CVSS3: 7.5

debian

почти 9 лет назад

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a d ...

GHSA-7q6x-9f96-w6p8

CVSS3: 7.5

github

около 3 лет назад

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

openSUSE-SU-2016:2036-1

suse-cvrf

около 9 лет назад

Security update for libarchive

EPSS

Процентиль: 89%

0.04803

Низкий

3.7 Low

CVSS3

3.5 Low

CVSS2