Published: 27/01/2017 Updated: 30/11/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote malicious users to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libarchive libarchive 3.2.2

libarchive could be made to crash, overwrite files, or run programs as your login if it opened a specially crafted file ...

Debian Bug report logs - #853278 libarchive: CVE-2017-5601 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 31 Jan 2017 05:54:01 UTC Severity: grave Tags: patch, security, upstream Found in versions libarchive ...

An error in the lha_read_file_header_1() function (archive_read_support_format_lhac) in libarchive 322 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive ...

CWE-125 https://secunia.com/secunia_research/2017-3/https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 http://www.securityfocus.com/bid/95837 http://www.securitytracker.com/id/1037974 https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html https://usn.ubuntu.com/3225-1/https://nvd.nist.gov

CVE-2017-5601

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect