Published: 21/09/2016 Updated: 27/12/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

The sandboxing code in libarchive 3.2.0 and previous versions mishandles hardlink archive entries of non-zero data size, which might allow remote malicious users to write to arbitrary files via a crafted archive file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat enterprise linux hpc node 6.0
redhat enterprise linux server 6.0
redhat enterprise linux workstation 6.0
redhat enterprise linux desktop 6.0
oracle linux 6
oracle linux 7
redhat openshift 3.2
redhat openshift 3.1
libarchive libarchive
redhat enterprise linux server 7.0
redhat enterprise linux hpc node 7.0
redhat enterprise linux server aus 7.2
redhat enterprise linux desktop 7.0
redhat enterprise linux hpc node eus 7.2
redhat enterprise linux server eus 7.2
redhat enterprise linux workstation 7.0

Debian Bug report logs - #837714 libarchive: CVE-2016-5418: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 13 Sep 2016 19:45:02 ...

libarchive could be made to crash, overwrite files, or run programs as your login if it opened a specially crafted file ...

Several vulnerabilities were discovered in libarchive, a multi-format archive and compression library, which may lead to denial of service (memory consumption and application crash), bypass of sandboxing restrictions and overwrite arbitrary files with arbitrary data from an archive, or the execution of arbitrary code For the stable distribution (j ...

A flaw was found in the way libarchive handled hardlink archive entries of non-zero size Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive (CVE-2016-5418) Multiple out-of-bounds write flaws were found in libarchive S ...

A flaw was found in the way libarchive handled hardlink archive entries of non-zero size Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive ...

CWE-20 CWE-19 http://rhn.redhat.com/errata/RHSA-2016-1850.html http://rhn.redhat.com/errata/RHSA-2016-1844.html https://bugzilla.redhat.com/show_bug.cgi?id=1362601 https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f https://github.com/libarchive/libarchive/issues/746 https://access.redhat.com/errata/RHSA-2016:1853 https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9 http://www.openwall.com/lists/oss-security/2016/08/09/2 https://access.redhat.com/errata/RHSA-2016:1852 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/93165 https://security.gentoo.org/glsa/201701-03 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837714 https://usn.ubuntu.com/3225-1/https://nvd.nist.gov

CVE-2016-5418

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect