| ID |
CVE-2017-14502
|
| Summary |
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 5.0 (as of 03-10-2019 - 00:03) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-193 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| refmap
via4
|
| debian | DSA-4360 | | gentoo | GLSA-201908-11 | | misc | | | mlist | [debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update | | ubuntu | USN-3859-1 |
|
| Last major update |
03-10-2019 - 00:03 |
| Published |
17-09-2017 - 18:29 |
| Last modified |
03-10-2019 - 00:03 |
