CVE-2015-8922 - The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows

CVE-2015-8922

Summary

The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

References

Vulnerable Configurations

cpe:2.3:a:libarchive:libarchive:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.1.2:*:*:*:*:x64:*:*
cpe:2.3:a:libarchive:libarchive:3.1.2:*:*:*:*:x64:*:*
cpe:2.3:a:libarchive:libarchive:3.1.2:-:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.1.2:-:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.1.900a:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.1.900a:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.1.901a:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.1.901a:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*
cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*
cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 12-09-2023 - 14:45)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

redhat via4

advisories

rhsa

id	RHSA-2016:1844

rpms

bsdcpio-0:3.1.2-10.el7_2
bsdtar-0:3.1.2-10.el7_2
libarchive-0:3.1.2-10.el7_2
libarchive-debuginfo-0:3.1.2-10.el7_2
libarchive-devel-0:3.1.2-10.el7_2

refmap via4

bid	91312
confirm	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html https://github.com/libarchive/libarchive/issues/513 https://www.suse.com/security/cve/CVE-2015-8922.html
debian	DSA-3657
gentoo	GLSA-201701-03
misc	https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
mlist	[oss-security] 20160617 Many invalid memory access issues in libarchive [oss-security] 20160617 Re: Many invalid memory access issues in libarchive
suse	SUSE-SU-2016:1909
ubuntu	USN-3033-1

Last major update

12-09-2023 - 14:45

Published

20-09-2016 - 14:15

Last modified

12-09-2023 - 14:45