CVE-2016-6250

Published: 21/09/2016 Updated: 27/12/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 8.6 | Impact Score: 4.7 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in the ISO9660 writer in libarchive prior to 3.2.1 allows remote malicious users to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.

Vulnerable Product

oracle linux 7

libarchive libarchive

Vendor Advisories

Debian Bug report logs - #837714 libarchive: CVE-2016-5418: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite. Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 13 Sep 2016 19:45:02 ...
libarchive could be made to crash, overwrite files, or run programs as your login if it opened a specially crafted file ...
Several vulnerabilities were discovered in libarchive, a multi-format archive and compression library, which may lead to denial of service (memory consumption and application crash), bypass of sandboxing restrictions and overwrite arbitrary files with arbitrary data from an archive, or the execution of arbitrary code. For the stable distribution (j ...
A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive (CVE-2016-5418). Multiple out-of-bounds write flaws were found in libarchive. S ...
A vulnerability was found in libarchive. An attempt to create an ISO9660 volume with 2GB or 4GB filenames could cause the application to crash ...