ID CVE-2015-8922
Summary The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
References
Vulnerable Configurations
  • cpe:2.3:a:libarchive:libarchive:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:2.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:2.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:2.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:2.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:2.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:2.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:2.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:2.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:2.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:2.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:2.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:3.0.0a:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:3.0.0a:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:3.0.1b:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:3.0.1b:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:3.1.2:*:*:*:*:x64:*:*
    cpe:2.3:a:libarchive:libarchive:3.1.2:*:*:*:*:x64:*:*
  • cpe:2.3:a:libarchive:libarchive:3.1.2:-:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:3.1.2:-:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:3.1.900a:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:3.1.900a:*:*:*:*:*:*:*
  • cpe:2.3:a:libarchive:libarchive:3.1.901a:*:*:*:*:*:*:*
    cpe:2.3:a:libarchive:libarchive:3.1.901a:*:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:oracle:linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 05-01-2018 - 02:30)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2016:1844
rpms
  • bsdcpio-0:3.1.2-10.el7_2
  • bsdtar-0:3.1.2-10.el7_2
  • libarchive-0:3.1.2-10.el7_2
  • libarchive-devel-0:3.1.2-10.el7_2
refmap via4
bid 91312
confirm
debian DSA-3657
gentoo GLSA-201701-03
misc https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
mlist
  • [oss-security] 20160617 Many invalid memory access issues in libarchive
  • [oss-security] 20160617 Re: Many invalid memory access issues in libarchive
suse SUSE-SU-2016:1909
ubuntu USN-3033-1
Last major update 05-01-2018 - 02:30
Published 20-09-2016 - 14:15
Back to Top