Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-4302

Опубликовано: 19 июн. 2016
Источник: redhat
CVSS3: 7.7
CVSS2: 6

Описание

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

A vulnerability was found in libarchive's handling of RAR archives. A specially crafted RAR file can cause a heap overflow, potentially leading to code execution in the context of the application.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libarchiveNot affected
Red Hat Enterprise Linux 7libarchiveFixedRHSA-2016:184412.09.2016

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1348444libarchive: Heap buffer overflow in the Rar decompression functionality

7.7 High

CVSS3

6 Medium

CVSS2

Связанные уязвимости

CVSS3: 7.8
ubuntu
почти 9 лет назад

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

CVSS3: 7.8
nvd
почти 9 лет назад

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

CVSS3: 7.8
debian
почти 9 лет назад

Heap-based buffer overflow in the parse_codes function in archive_read ...

CVSS3: 7.8
github
около 3 лет назад

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

suse-cvrf
около 9 лет назад

Security update for libarchive

7.7 High

CVSS3

6 Medium

CVSS2