Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2016-8689

Published: 15/02/2017 Updated: 30/11/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Libarchive

Vulnerability Summary

The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote malicious users to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.

Vulnerable Product Search on Vulmon Subscribe to Product

libarchive libarchive 3.2.1

opensuse leap 42.2

Vendor Advisories

Ubuntu Security Notice: libarchive vulnerabilities
libarchive could be made to crash, overwrite files, or run programs as your login if it opened a specially crafted file ...
Debian CVElist Bug Report Logs: libarchive: CVE-2016-8689: heap-based buffer overflow in read_Header
Debian Bug report logs - #840934 libarchive: CVE-2016-8689: heap-based buffer overflow in read_Header Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Oct 2016 09:42:02 UTC Severity: grave Tags: patch, secur ...
Debian CVElist Bug Report Logs: libarchive: CVE-2016-8687: bsdtar: stack-based buffer overflow in bsdtar_expand_char
Debian Bug report logs - #840936 libarchive: CVE-2016-8687: bsdtar: stack-based buffer overflow in bsdtar_expand_char Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Oct 2016 09:51:04 UTC Severity: grave Ta ...
Debian CVElist Bug Report Logs: libarchive: CVE-2016-8688: Out of bounds read in mtree parser
Debian Bug report logs - #840935 libarchive: CVE-2016-8688: Out of bounds read in mtree parser Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Oct 2016 09:51:01 UTC Severity: grave Tags: fixed-upstream, pat ...
Red Hat: CVE-2016-8689
The read_Header function in archive_read_support_format_7zipc in libarchive 321 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive ...

References

CWE-125https://security.gentoo.org/glsa/201701-03https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126https://bugzilla.redhat.com/show_bug.cgi?id=1377925https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-read_header-archive_read_support_format_7zip-c/http://www.securityfocus.com/bid/93781http://www.openwall.com/lists/oss-security/2016/10/16/11http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.htmlhttps://lists.debian.org/debian-lts-announce/2018/11/msg00037.htmlhttps://usn.ubuntu.com/3225-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook