Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive prior to 3.2.1 allows remote malicious users to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libarchive libarchive |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux server eus 7.2 |
||
redhat enterprise linux server aus 7.2 |
||
redhat enterprise linux hpc node eus 7.2 |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux hpc node 7.0 |
||
redhat enterprise linux server 7.0 |
Input validation bugs in 7zip, mtree and Rar handlers
Users, developers, sysadmins – World+Dog, really – need to get busy patching libarchive, after Cisco Talos researchers turned up three new vulnerabilities. Described here, the bugs all relate to input validation. CVE-2016-4300 is a heap overflow in its handling of 7zip files: a malicious file can cause an integer overflow, memory corruption, and ultimately code execution. The second, CVE-2016-4301, is a buffer overflow in the handling of mtree files; and finally, Rar file handling is subject...