ID CVE-2016-10209
Summary The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.
References
Vulnerable Configurations
  • libarchive 3.2.2
    cpe:2.3:a:libarchive:libarchive:3.2.2
CVSS
Base: 4.3 (as of 04-04-2017 - 17:23)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1006.NASL
    description Multiple denial of services vulnerabilities have been identified in libarchive when manipulating specially crafted archives. CVE-2016-10209 NULL pointer dereference and application crash in the archive_wstring_append_from_mbs() function. CVE-2016-10349 Heap-based buffer over-read and application crash in the archive_le32dec() function. CVE-2016-10350 Heap-based buffer over-read and application crash in the archive_read_format_cab_read_header() function. For Debian 7 'Wheezy', these problems have been fixed in version 3.0.4-3+wheezy6. We recommend that you upgrade your libarchive packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 101173
    published 2017-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101173
    title Debian DLA-1006-1 : libarchive security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3736-1.NASL
    description It was discovered that libarchive incorrectly handled certain archive files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10209, CVE-2016-10349, CVE-2016-10350) Agostino Sarubbo discovered that libarchive incorrectly handled certain XAR files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14166) It was discovered that libarchive incorrectly handled certain files. A remote attacker could possibly use this issue to get access to sensitive information. (CVE-2017-14501, CVE-2017-14503). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111672
    published 2018-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111672
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libarchive vulnerabilities (USN-3736-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3640-2.NASL
    description This update for libarchive fixes the following issues : CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089) CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008) CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009) CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514) CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139) CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134) CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-10
    plugin id 119552
    published 2018-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119552
    title SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2018:3640-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3640-1.NASL
    description This update for libarchive fixes the following issues : CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089) CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008) CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009) CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514) CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139) CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134) CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118819
    published 2018-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118819
    title SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2018:3640-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1366.NASL
    description This update for libarchive fixes the following issues : - CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089) - CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008) - CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009) - CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514) - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139) - CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134) - CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 118872
    published 2018-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118872
    title openSUSE Security Update : libarchive (openSUSE-2018-1366)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-55A8F10223.NASL
    description fix two minor CVEs by backporting upstream commits Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-04-24
    plugin id 99609
    published 2017-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99609
    title Fedora 25 : libarchive (2017-55a8f10223)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-35E59A5FFB.NASL
    description fix two minor CVEs by backporting upstream commits (rhbz#1439705, rhbz#1417920) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-07-17
    plugin id 101608
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101608
    title Fedora 26 : libarchive (2017-35e59a5ffb)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4360.NASL
    description Multiple security issues were found in libarchive, a multi-format archive and compression library: Processing malformed RAR archives could result in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service.
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 119893
    published 2018-12-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119893
    title Debian DSA-4360-1 : libarchive - security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1600.NASL
    description Multiple security vulnerabilities were found in libarchive, a multi-format archive and compression library. Heap-based buffer over-reads, NULL pointer dereferences and out-of-bounds reads allow remote attackers to cause a denial of service (application crash) via specially crafted archive files. For Debian 8 'Jessie', these problems have been fixed in version 3.1.2-11+deb8u4. We recommend that you upgrade your libarchive packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 119289
    published 2018-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119289
    title Debian DLA-1600-1 : libarchive security update
refmap via4
bid 97327
confirm https://github.com/libarchive/libarchive/issues/842
debian DSA-4360
mlist [debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update
ubuntu USN-3736-1
Last major update 06-04-2017 - 09:10
Published 03-04-2017 - 01:59
Last modified 28-12-2018 - 11:29
Back to Top