Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2016-8687

Published: 15/02/2017 Updated: 30/11/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Libarchive

Vulnerability Summary

Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote malicious users to cause a denial of service via a crafted non-printable multibyte character in a filename.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libarchive libarchive 3.2.1

opensuse leap 42.2

Vendor Advisories

Ubuntu Security Notice: libarchive vulnerabilities
libarchive could be made to crash, overwrite files, or run programs as your login if it opened a specially crafted file ...
Debian CVElist Bug Report Logs: libarchive: CVE-2016-8689: heap-based buffer overflow in read_Header
Debian Bug report logs - #840934 libarchive: CVE-2016-8689: heap-based buffer overflow in read_Header Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Oct 2016 09:42:02 UTC Severity: grave Tags: patch, secur ...
Debian CVElist Bug Report Logs: libarchive: CVE-2016-8687: bsdtar: stack-based buffer overflow in bsdtar_expand_char
Debian Bug report logs - #840936 libarchive: CVE-2016-8687: bsdtar: stack-based buffer overflow in bsdtar_expand_char Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Oct 2016 09:51:04 UTC Severity: grave Ta ...
Debian CVElist Bug Report Logs: libarchive: CVE-2016-8688: Out of bounds read in mtree parser
Debian Bug report logs - #840935 libarchive: CVE-2016-8688: Out of bounds read in mtree parser Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Oct 2016 09:51:01 UTC Severity: grave Tags: fixed-upstream, pat ...
Red Hat: CVE-2016-8687
Stack-based buffer overflow in the safe_fprintf function in tar/utilc in libarchive 321 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename ...

References

CWE-119https://security.gentoo.org/glsa/201701-03https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1ahttps://bugzilla.redhat.com/show_bug.cgi?id=1377926https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/http://www.securityfocus.com/bid/93781http://www.openwall.com/lists/oss-security/2016/10/16/11http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.htmlhttp://www.securitytracker.com/id/1037668https://lists.debian.org/debian-lts-announce/2018/11/msg00037.htmlhttps://usn.ubuntu.com/3225-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook