Описание
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
A vulnerability was found in libarchive. A specially crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the application.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libarchive | Not affected | ||
| Red Hat Enterprise Linux 7 | libarchive | Fixed | RHSA-2016:1844 | 12.09.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.4 High
CVSS3
6 Medium
CVSS2
Связанные уязвимости
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
Heap-based buffer overflow in the zip_read_mac_metadata function in ar ...
EPSS
8.4 High
CVSS3
6 Medium
CVSS2