CVE-2016-7166

Published: 21/09/2016 | Updated: 27/12/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

libarchive prior to 3.2.0 does not limit the number of recursive decompressions, which allows remote malicious users to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

Vulnerable Product

redhat enterprise linux server eus 7.2

redhat enterprise linux hpc node eus 7.2

redhat enterprise linux server 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server aus 7.2

redhat enterprise linux desktop 7.0

redhat enterprise linux hpc node 7.0

libarchive libarchive

redhat enterprise linux desktop 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux hpc node 6.0

redhat enterprise linux server 6.0

oracle linux 7

oracle linux 6

Vendor Advisories

Debian Bug report logs - #837714 libarchive: CVE-2016-5418: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite. Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 13 Sep 2016 19:45:02 ...
libarchive could be made to crash, overwrite files, or run programs as your login if it opened a specially crafted file ...
Several vulnerabilities were discovered in libarchive, a multi-format archive and compression library, which may lead to denial of service (memory consumption and application crash), bypass of sandboxing restrictions and overwrite arbitrary files with arbitrary data from an archive, or the execution of arbitrary code. For the stable distribution (j ...
A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive (CVE-2016-5418). Multiple out-of-bounds write flaws were found in libarchive. S ...
A vulnerability was found in libarchive. A specially crafted gzip file can cause libarchive to allocate memory without limit, eventually leading to a crash ...