Published: 30/09/2013 Updated: 30/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and previous versions, when running on 64-bit machines, allows context-dependent malicious users to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libarchive libarchive
canonical ubuntu linux 14.04
canonical ubuntu linux 12.04
opensuse opensuse 13.1
canonical ubuntu linux 14.10
opensuse opensuse 13.2
fedoraproject fedora 17
fedoraproject fedora 18
freebsd freebsd 9.3

Debian Bug report logs - #703957 libarchive: CVE-2013-0211 Package: libarchive; Maintainer for libarchive is Peter Pentchev <roam@debianorg>; Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Tue, 26 Mar 2013 08:39:01 UTC Severity: grave Tags: patch, security Fixed in version libarchive/304-3 Done: Andreas ...

libarchive could be made to crash or overwrite files ...

CWE-189 https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4 https://bugzilla.redhat.com/show_bug.cgi?id=902998 http://www.mandriva.com/security/advisories?name=MDVSA-2013:147 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101872.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101700.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101876.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html http://www.ubuntu.com/usn/USN-2549-1 https://www.freebsd.org/security/advisories/FreeBSD-SA-16:23.libarchive.asc http://www.securitytracker.com/id/1035995 http://www.securityfocus.com/bid/58926 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703957 https://usn.ubuntu.com/2549-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-0211

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect