CVE-2006-5680 - The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dep

CVE-2006-5680

Summary

The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data.

References

http://secunia.com/advisories/22723
http://secunia.com/advisories/22801
http://security.freebsd.org/advisories/FreeBSD-SA-06:24.libarchive.asc
http://securitytracker.com/id?1017199
http://www.securityfocus.com/bid/20961
https://exchange.xforce.ibmcloud.com/vulnerabilities/30137

Vulnerable Configurations

cpe:2.3:o:freebsd:freebsd:6:stable:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6:stable:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	20961
freebsd	FreeBSD-SA-06:24
sectrack	1017199
secunia	22723 22801
xf	freebsd-libarchive-file-dos(30137)

Last major update

20-07-2017 - 01:33

Published

09-11-2006 - 00:07

Last modified

20-07-2017 - 01:33