libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
{"veracode": [{"lastseen": "2023-04-18T15:42:41", "description": "libarchive.so is vulnerable to denial of service (DoS) through heap-based buffer overflow attacks. The vulnerability exists in `atol10` and `atol08` of `libarchive/archive_read_support_format_xar.c` where a heap-based buffer overflow can occur when processing a malicious xar archive.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-18T07:13:15", "type": "veracode", "title": "Denial Of Service (DoS) Through Heap Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14166"], "modified": "2019-08-15T21:58:30", "id": "VERACODE:6140", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-6140/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2023-12-06T16:56:00", "description": "Heap-based buffer overflow in xml_data() in archive_read_support_format_xar.c (CVE-2017-14166). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-10T15:36:09", "type": "mageia", "title": "Updated libarchive packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14166"], "modified": "2017-09-10T15:36:09", "id": "MGASA-2017-0337", "href": "https://advisories.mageia.org/MGASA-2017-0337.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-12-06T15:30:29", "description": "It was discovered that there was a denial of service vulnerability in the libarchive multi-format compression library. A specially crafted .xar archive could cause via a heap-based buffer over-read.\n\nFor Debian 7 'Wheezy', this issue has been fixed in libarchive version 3.0.4-3+wheezy6+deb7u1.\n\nWe recommend that you upgrade your libarchive packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-11T00:00:00", "type": "nessus", "title": "Debian DLA-1092-1 : libarchive security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14166"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bsdcpio", "p-cpe:/a:debian:debian_linux:bsdtar", "p-cpe:/a:debian:debian_linux:libarchive-dev", "p-cpe:/a:debian:debian_linux:libarchive12", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1092.NASL", "href": "https://www.tenable.com/plugins/nessus/103092", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1092-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103092);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-14166\");\n\n script_name(english:\"Debian DLA-1092-1 : libarchive security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a denial of service vulnerability in\nthe libarchive multi-format compression library. A specially crafted\n.xar archive could cause via a heap-based buffer over-read.\n\nFor Debian 7 'Wheezy', this issue has been fixed in libarchive version\n3.0.4-3+wheezy6+deb7u1.\n\nWe recommend that you upgrade your libarchive packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libarchive\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsdcpio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsdtar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libarchive-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libarchive12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"bsdcpio\", reference:\"3.0.4-3+wheezy6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bsdtar\", reference:\"3.0.4-3+wheezy6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libarchive-dev\", reference:\"3.0.4-3+wheezy6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libarchive12\", reference:\"3.0.4-3+wheezy6+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:48", "description": "According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.(CVE-2017-14166)\n\n - An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.(CVE-2017-14501 )\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : libarchive (EulerOS-SA-2019-1849)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14166", "CVE-2017-14501"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libarchive", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1849.NASL", "href": "https://www.tenable.com/plugins/nessus/128901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128901);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-14166\",\n \"CVE-2017-14501\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libarchive (EulerOS-SA-2019-1849)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libarchive package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - libarchive 3.3.2 allows remote attackers to cause a\n denial of service (xml_data heap-based buffer over-read\n and application crash) via a crafted xar archive,\n related to the mishandling of empty strings in the\n atol8 function in\n archive_read_support_format_xar.c.(CVE-2017-14166)\n\n - An out-of-bounds read flaw exists in parse_file_info in\n archive_read_support_format_iso9660.c in libarchive\n 3.3.2 when extracting a specially crafted iso9660 iso\n file, related to\n archive_read_format_iso9660_read_header.(CVE-2017-14501\n )\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1849\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6f5a72dd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libarchive packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libarchive\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libarchive-3.1.2-10.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libarchive\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:39", "description": "According to the versions of the libarchive package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.(CVE-2017-14166)\n\n - An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.(CVE-2017-14501 )\n\n - libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.(CVE-2017-14503)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.3.0 : libarchive (EulerOS-SA-2019-2322)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14503"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libarchive", "cpe:/o:huawei:euleros:uvp:3.0.3.0"], "id": "EULEROS_SA-2019-2322.NASL", "href": "https://www.tenable.com/plugins/nessus/131487", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131487);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-14166\",\n \"CVE-2017-14501\",\n \"CVE-2017-14503\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.3.0 : libarchive (EulerOS-SA-2019-2322)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libarchive package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - libarchive 3.3.2 allows remote attackers to cause a\n denial of service (xml_data heap-based buffer over-read\n and application crash) via a crafted xar archive,\n related to the mishandling of empty strings in the\n atol8 function in\n archive_read_support_format_xar.c.(CVE-2017-14166)\n\n - An out-of-bounds read flaw exists in parse_file_info in\n archive_read_support_format_iso9660.c in libarchive\n 3.3.2 when extracting a specially crafted iso9660 iso\n file, related to\n archive_read_format_iso9660_read_header.(CVE-2017-14501\n )\n\n - libarchive 3.3.2 suffers from an out-of-bounds read\n within lha_read_data_none() in\n archive_read_support_format_lha.c when extracting a\n specially crafted lha archive, related to\n lha_crc16.(CVE-2017-14503)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2322\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c4ee97c5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libarchive packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libarchive\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.3.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.3.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.3.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libarchive-3.3.2-2.h4.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libarchive\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:02", "description": "The remote host is affected by the vulnerability described in GLSA-201908-11 (libarchive: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "GLSA-201908-11 : libarchive: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14502", "CVE-2017-14503"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:libarchive", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201908-11.NASL", "href": "https://www.tenable.com/plugins/nessus/127960", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201908-11.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127960);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14502\", \"CVE-2017-14503\");\n script_xref(name:\"GLSA\", value:\"201908-11\");\n\n script_name(english:\"GLSA-201908-11 : libarchive: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201908-11\n(libarchive: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libarchive. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201908-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libarchive users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/libarchive-3.3.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libarchive\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-arch/libarchive\", unaffected:make_list(\"ge 3.3.3\"), vulnerable:make_list(\"lt 3.3.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libarchive\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T14:52:31", "description": "It was discovered that libarchive incorrectly handled certain archive files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10209, CVE-2016-10349, CVE-2016-10350)\n\nAgostino Sarubbo discovered that libarchive incorrectly handled certain XAR files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14166)\n\nIt was discovered that libarchive incorrectly handled certain files. A remote attacker could possibly use this issue to get access to sensitive information. (CVE-2017-14501, CVE-2017-14503).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-08-14T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libarchive vulnerabilities (USN-3736-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14503"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libarchive13", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:bsdcpio", "p-cpe:/a:canonical:ubuntu_linux:bsdtar", "p-cpe:/a:canonical:ubuntu_linux:libarchive-dev", "p-cpe:/a:canonical:ubuntu_linux:libarchive-tools"], "id": "UBUNTU_USN-3736-1.NASL", "href": "https://www.tenable.com/plugins/nessus/111672", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3736-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111672);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2016-10209\",\n \"CVE-2016-10349\",\n \"CVE-2016-10350\",\n \"CVE-2017-14166\",\n \"CVE-2017-14501\",\n \"CVE-2017-14503\"\n );\n script_xref(name:\"USN\", value:\"3736-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libarchive vulnerabilities (USN-3736-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that libarchive incorrectly handled certain archive\nfiles. A remote attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-10209, CVE-2016-10349, CVE-2016-10350)\n\nAgostino Sarubbo discovered that libarchive incorrectly handled\ncertain XAR files. A remote attacker could possibly use this issue to\ncause a denial of service. This issue only affected Ubuntu 14.04 LTS\nand Ubuntu 16.04 LTS. (CVE-2017-14166)\n\nIt was discovered that libarchive incorrectly handled certain files. A\nremote attacker could possibly use this issue to get access to\nsensitive information. (CVE-2017-14501, CVE-2017-14503).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3736-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-14503\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libarchive13\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bsdcpio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bsdtar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libarchive-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libarchive-tools\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release || '16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '14.04', 'pkgname': 'bsdcpio', 'pkgver': '3.1.2-7ubuntu2.6'},\n {'osver': '14.04', 'pkgname': 'bsdtar', 'pkgver': '3.1.2-7ubuntu2.6'},\n {'osver': '14.04', 'pkgname': 'libarchive-dev', 'pkgver': '3.1.2-7ubuntu2.6'},\n {'osver': '14.04', 'pkgname': 'libarchive13', 'pkgver': '3.1.2-7ubuntu2.6'},\n {'osver': '16.04', 'pkgname': 'bsdcpio', 'pkgver': '3.1.2-11ubuntu0.16.04.4'},\n {'osver': '16.04', 'pkgname': 'bsdtar', 'pkgver': '3.1.2-11ubuntu0.16.04.4'},\n {'osver': '16.04', 'pkgname': 'libarchive-dev', 'pkgver': '3.1.2-11ubuntu0.16.04.4'},\n {'osver': '16.04', 'pkgname': 'libarchive13', 'pkgver': '3.1.2-11ubuntu0.16.04.4'},\n {'osver': '18.04', 'pkgname': 'bsdcpio', 'pkgver': '3.2.2-3.1ubuntu0.1'},\n {'osver': '18.04', 'pkgname': 'bsdtar', 'pkgver': '3.2.2-3.1ubuntu0.1'},\n {'osver': '18.04', 'pkgname': 'libarchive-dev', 'pkgver': '3.2.2-3.1ubuntu0.1'},\n {'osver': '18.04', 'pkgname': 'libarchive-tools', 'pkgver': '3.2.2-3.1ubuntu0.1'},\n {'osver': '18.04', 'pkgname': 'libarchive13', 'pkgver': '3.2.2-3.1ubuntu0.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bsdcpio / bsdtar / libarchive-dev / libarchive-tools / libarchive13');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:17:06", "description": "This update for libarchive fixes the following issues :\n\n - CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.\n (bsc#1032089)\n\n - CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008)\n\n - CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009)\n\n - CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.\n (bsc#1057514)\n\n - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.\n (bsc#1059139)\n\n - CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134)\n\n - CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.\n (bsc#1059100)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2018-11-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libarchive (openSUSE-2018-1366)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14502", "CVE-2017-14503"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bsdtar", "p-cpe:/a:novell:opensuse:bsdtar-debuginfo", "p-cpe:/a:novell:opensuse:libarchive-debugsource", "p-cpe:/a:novell:opensuse:libarchive-devel", "p-cpe:/a:novell:opensuse:libarchive13", "p-cpe:/a:novell:opensuse:libarchive13-32bit", "p-cpe:/a:novell:opensuse:libarchive13-debuginfo", "p-cpe:/a:novell:opensuse:libarchive13-debuginfo-32bit", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1366.NASL", "href": "https://www.tenable.com/plugins/nessus/118872", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1366.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118872);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14502\", \"CVE-2017-14503\");\n\n script_name(english:\"openSUSE Security Update : libarchive (openSUSE-2018-1366)\");\n script_summary(english:\"Check for the openSUSE-2018-1366 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libarchive fixes the following issues :\n\n - CVE-2016-10209: The archive_wstring_append_from_mbs\n function in archive_string.c allowed remote attackers to\n cause a denial of service (NULL pointer dereference and\n application crash) via a crafted archive file.\n (bsc#1032089)\n\n - CVE-2016-10349: The archive_le32dec function in\n archive_endian.h allowed remote attackers to cause a\n denial of service (heap-based buffer over-read and\n application crash) via a crafted file. (bsc#1037008)\n\n - CVE-2016-10350: The archive_read_format_cab_read_header\n function in archive_read_support_format_cab.c allowed\n remote attackers to cause a denial of service\n (heap-based buffer over-read and application crash) via\n a crafted file. (bsc#1037009)\n\n - CVE-2017-14166: libarchive allowed remote attackers to\n cause a denial of service (xml_data heap-based buffer\n over-read and application crash) via a crafted xar\n archive, related to the mishandling of empty strings in\n the atol8 function in archive_read_support_format_xar.c.\n (bsc#1057514)\n\n - CVE-2017-14501: An out-of-bounds read flaw existed in\n parse_file_info in archive_read_support_format_iso9660.c\n when extracting a specially crafted iso9660 iso file,\n related to archive_read_format_iso9660_read_header.\n (bsc#1059139)\n\n - CVE-2017-14502: read_header in\n archive_read_support_format_rar.c suffered from an\n off-by-one error for UTF-16 names in RAR archives,\n leading to an out-of-bounds read in\n archive_read_format_rar_read_header. (bsc#1059134)\n\n - CVE-2017-14503: libarchive suffered from an\n out-of-bounds read within lha_read_data_none() in\n archive_read_support_format_lha.c when extracting a\n specially crafted lha archive, related to lha_crc16.\n (bsc#1059100)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1032089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037009\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059139\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libarchive packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bsdtar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bsdtar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive13-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive13-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libarchive13-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bsdtar-3.1.2-20.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bsdtar-debuginfo-3.1.2-20.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libarchive-debugsource-3.1.2-20.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libarchive-devel-3.1.2-20.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libarchive13-3.1.2-20.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libarchive13-debuginfo-3.1.2-20.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libarchive13-32bit-3.1.2-20.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libarchive13-debuginfo-32bit-3.1.2-20.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bsdtar / bsdtar-debuginfo / libarchive-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:16:36", "description": "This update for libarchive fixes the following issues :\n\nCVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089)\n\nCVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.\n(bsc#1037008)\n\nCVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009)\n\nCVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.\n(bsc#1057514)\n\nCVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139)\n\nCVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134)\n\nCVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.\n(bsc#1059100)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-08T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2018:3640-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14502", "CVE-2017-14503"], "modified": "2021-04-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libarchive-debugsource", "p-cpe:/a:novell:suse_linux:libarchive13", "p-cpe:/a:novell:suse_linux:libarchive13-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3640-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118819", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3640-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118819);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/14\");\n\n script_cve_id(\"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14502\", \"CVE-2017-14503\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2018:3640-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libarchive fixes the following issues :\n\nCVE-2016-10209: The archive_wstring_append_from_mbs function in\narchive_string.c allowed remote attackers to cause a denial of service\n(NULL pointer dereference and application crash) via a crafted archive\nfile. (bsc#1032089)\n\nCVE-2016-10349: The archive_le32dec function in archive_endian.h\nallowed remote attackers to cause a denial of service (heap-based\nbuffer over-read and application crash) via a crafted file.\n(bsc#1037008)\n\nCVE-2016-10350: The archive_read_format_cab_read_header function in\narchive_read_support_format_cab.c allowed remote attackers to cause a\ndenial of service (heap-based buffer over-read and application crash)\nvia a crafted file. (bsc#1037009)\n\nCVE-2017-14166: libarchive allowed remote attackers to cause a denial\nof service (xml_data heap-based buffer over-read and application\ncrash) via a crafted xar archive, related to the mishandling of empty\nstrings in the atol8 function in archive_read_support_format_xar.c.\n(bsc#1057514)\n\nCVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info\nin archive_read_support_format_iso9660.c when extracting a specially\ncrafted iso9660 iso file, related to\narchive_read_format_iso9660_read_header. (bsc#1059139)\n\nCVE-2017-14502: read_header in archive_read_support_format_rar.c\nsuffered from an off-by-one error for UTF-16 names in RAR archives,\nleading to an out-of-bounds read in\narchive_read_format_rar_read_header. (bsc#1059134)\n\nCVE-2017-14503: libarchive suffered from an out-of-bounds read within\nlha_read_data_none() in archive_read_support_format_lha.c when\nextracting a specially crafted lha archive, related to lha_crc16.\n(bsc#1059100)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037009\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10209/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10349/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14501/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14502/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14503/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183640-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ecea793\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2594=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2594=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2594=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libarchive-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libarchive13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libarchive13-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libarchive-debugsource-3.1.2-26.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libarchive13-3.1.2-26.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libarchive13-debuginfo-3.1.2-26.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libarchive-debugsource-3.1.2-26.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libarchive13-3.1.2-26.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libarchive13-debuginfo-3.1.2-26.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libarchive\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:43:17", "description": "This update for libarchive fixes the following issues :\n\nCVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089)\n\nCVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.\n(bsc#1037008)\n\nCVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009)\n\nCVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.\n(bsc#1057514)\n\nCVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139)\n\nCVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134)\n\nCVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.\n(bsc#1059100)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-12-10T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2018:3640-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14502", "CVE-2017-14503"], "modified": "2020-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libarchive-debugsource", "p-cpe:/a:novell:suse_linux:libarchive13", "p-cpe:/a:novell:suse_linux:libarchive13-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3640-2.NASL", "href": "https://www.tenable.com/plugins/nessus/119552", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3640-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119552);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/11\");\n\n script_cve_id(\"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14502\", \"CVE-2017-14503\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2018:3640-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libarchive fixes the following issues :\n\nCVE-2016-10209: The archive_wstring_append_from_mbs function in\narchive_string.c allowed remote attackers to cause a denial of service\n(NULL pointer dereference and application crash) via a crafted archive\nfile. (bsc#1032089)\n\nCVE-2016-10349: The archive_le32dec function in archive_endian.h\nallowed remote attackers to cause a denial of service (heap-based\nbuffer over-read and application crash) via a crafted file.\n(bsc#1037008)\n\nCVE-2016-10350: The archive_read_format_cab_read_header function in\narchive_read_support_format_cab.c allowed remote attackers to cause a\ndenial of service (heap-based buffer over-read and application crash)\nvia a crafted file. (bsc#1037009)\n\nCVE-2017-14166: libarchive allowed remote attackers to cause a denial\nof service (xml_data heap-based buffer over-read and application\ncrash) via a crafted xar archive, related to the mishandling of empty\nstrings in the atol8 function in archive_read_support_format_xar.c.\n(bsc#1057514)\n\nCVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info\nin archive_read_support_format_iso9660.c when extracting a specially\ncrafted iso9660 iso file, related to\narchive_read_format_iso9660_read_header. (bsc#1059139)\n\nCVE-2017-14502: read_header in archive_read_support_format_rar.c\nsuffered from an off-by-one error for UTF-16 names in RAR archives,\nleading to an out-of-bounds read in\narchive_read_format_rar_read_header. (bsc#1059134)\n\nCVE-2017-14503: libarchive suffered from an out-of-bounds read within\nlha_read_data_none() in archive_read_support_format_lha.c when\nextracting a specially crafted lha archive, related to lha_crc16.\n(bsc#1059100)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037009\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10209/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10349/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14501/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14502/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14503/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183640-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d327e603\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2018-2594=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2018-2594=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2018-2594=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libarchive-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libarchive13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libarchive13-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libarchive-debugsource-3.1.2-26.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libarchive13-3.1.2-26.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libarchive13-debuginfo-3.1.2-26.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libarchive-debugsource-3.1.2-26.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libarchive13-3.1.2-26.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libarchive13-debuginfo-3.1.2-26.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libarchive\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:43:11", "description": "Multiple security issues were found in libarchive, a multi-format archive and compression library: Processing malformed RAR archives could result in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service.", "cvss3": {}, "published": "2018-12-28T00:00:00", "type": "nessus", "title": "Debian DSA-4360-1 : libarchive - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14502", "CVE-2017-14503", "CVE-2018-1000877", "CVE-2018-1000878", "CVE-2018-1000880"], "modified": "2020-03-25T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libarchive", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4360.NASL", "href": "https://www.tenable.com/plugins/nessus/119893", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4360. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119893);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/25\");\n\n script_cve_id(\"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14502\", \"CVE-2017-14503\", \"CVE-2018-1000877\", \"CVE-2018-1000878\", \"CVE-2018-1000880\");\n script_xref(name:\"DSA\", value:\"4360\");\n\n script_name(english:\"Debian DSA-4360-1 : libarchive - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were found in libarchive, a multi-format\narchive and compression library: Processing malformed RAR archives\ncould result in denial of service or the execution of arbitrary code\nand malformed WARC, LHarc, ISO, Xar or CAB archives could result in\ndenial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/libarchive\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libarchive\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4360\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libarchive packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 3.2.2-2+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libarchive\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"bsdcpio\", reference:\"3.2.2-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"bsdtar\", reference:\"3.2.2-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libarchive-dev\", reference:\"3.2.2-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libarchive-tools\", reference:\"3.2.2-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libarchive13\", reference:\"3.2.2-2+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:31:46", "description": "According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.(CVE-2015-2304)\n\n - An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.(CVE-2017-14501 )\n\n - archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.(CVE-2019-18408)\n\n - bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.(CVE-2015-8915)\n\n - libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.(CVE-2017-14166)\n\n - libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.(CVE-2017-14503)\n\n - The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10349)\n\n - The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10350)\n\n - The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.(CVE-2016-10209)\n\n - The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.(CVE-201 6-8688)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : libarchive (EulerOS-SA-2019-2604)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2304", "CVE-2015-8915", "CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2016-8688", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14503", "CVE-2019-18408"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libarchive", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2604.NASL", "href": "https://www.tenable.com/plugins/nessus/132139", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132139);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-2304\",\n \"CVE-2015-8915\",\n \"CVE-2016-10209\",\n \"CVE-2016-10349\",\n \"CVE-2016-10350\",\n \"CVE-2016-8688\",\n \"CVE-2017-14166\",\n \"CVE-2017-14501\",\n \"CVE-2017-14503\",\n \"CVE-2019-18408\"\n );\n script_bugtraq_id(\n 73137\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libarchive (EulerOS-SA-2019-2604)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libarchive package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Absolute path traversal vulnerability in bsdcpio in\n libarchive 3.1.2 and earlier allows remote attackers to\n write to arbitrary files via a full pathname in an\n archive.(CVE-2015-2304)\n\n - An out-of-bounds read flaw exists in parse_file_info in\n archive_read_support_format_iso9660.c in libarchive\n 3.3.2 when extracting a specially crafted iso9660 iso\n file, related to\n archive_read_format_iso9660_read_header.(CVE-2017-14501\n )\n\n - archive_read_format_rar_read_data in\n archive_read_support_format_rar.c in libarchive before\n 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED\n situation, related to\n Ppmd7_DecodeSymbol.(CVE-2019-18408)\n\n - bsdcpio in libarchive before 3.2.0 allows remote\n attackers to cause a denial of service (invalid read\n and crash) via crafted cpio file.(CVE-2015-8915)\n\n - libarchive 3.3.2 allows remote attackers to cause a\n denial of service (xml_data heap-based buffer over-read\n and application crash) via a crafted xar archive,\n related to the mishandling of empty strings in the\n atol8 function in\n archive_read_support_format_xar.c.(CVE-2017-14166)\n\n - libarchive 3.3.2 suffers from an out-of-bounds read\n within lha_read_data_none() in\n archive_read_support_format_lha.c when extracting a\n specially crafted lha archive, related to\n lha_crc16.(CVE-2017-14503)\n\n - The archive_le32dec function in archive_endian.h in\n libarchive 3.2.2 allows remote attackers to cause a\n denial of service (heap-based buffer over-read and\n application crash) via a crafted file.(CVE-2016-10349)\n\n - The archive_read_format_cab_read_header function in\n archive_read_support_format_cab.c in libarchive 3.2.2\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read and application crash) via\n a crafted file.(CVE-2016-10350)\n\n - The archive_wstring_append_from_mbs function in\n archive_string.c in libarchive 3.2.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a crafted\n archive file.(CVE-2016-10209)\n\n - The mtree bidder in libarchive 3.2.1 does not keep\n track of line sizes when extending the read-ahead,\n which allows remote attackers to cause a denial of\n service (crash) via a crafted file, which triggers an\n invalid read in the (1) detect_form or (2) bid_entry\n function in\n libarchive/archive_read_support_format_mtree.c.(CVE-201\n 6-8688)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2604\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6a4cb163\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libarchive packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libarchive\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libarchive-3.1.2-10.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libarchive\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:00", "description": "According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.(CVE-2016-8689)\n\n - Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.(CVE-2016-8687)\n\n - libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.(CVE-2017-14503)\n\n - An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.(CVE-2017-14501 )\n\n - libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.(CVE-2017-14166)\n\n - The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.(CVE-201 6-8688)\n\n - The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10350)\n\n - The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10349)\n\n - The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.(CVE-2016-10209)\n\n - Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.(CVE-2015-8933)\n\n - bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.(CVE-2015-8915)\n\n - Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.(CVE-2015-2304)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : libarchive (EulerOS-SA-2019-2202)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2304", "CVE-2015-8915", "CVE-2015-8933", "CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2016-8687", "CVE-2016-8688", "CVE-2016-8689", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14503"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libarchive", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2202.NASL", "href": "https://www.tenable.com/plugins/nessus/130664", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130664);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-2304\",\n \"CVE-2015-8915\",\n \"CVE-2015-8933\",\n \"CVE-2016-10209\",\n \"CVE-2016-10349\",\n \"CVE-2016-10350\",\n \"CVE-2016-8687\",\n \"CVE-2016-8688\",\n \"CVE-2016-8689\",\n \"CVE-2017-14166\",\n \"CVE-2017-14501\",\n \"CVE-2017-14503\"\n );\n script_bugtraq_id(\n 73137\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : libarchive (EulerOS-SA-2019-2202)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libarchive package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The read_Header function in\n archive_read_support_format_7zip.c in libarchive 3.2.1\n allows remote attackers to cause a denial of service\n (out-of-bounds read) via multiple EmptyStream\n attributes in a header in a 7zip\n archive.(CVE-2016-8689)\n\n - Stack-based buffer overflow in the safe_fprintf\n function in tar/util.c in libarchive 3.2.1 allows\n remote attackers to cause a denial of service via a\n crafted non-printable multibyte character in a\n filename.(CVE-2016-8687)\n\n - libarchive 3.3.2 suffers from an out-of-bounds read\n within lha_read_data_none() in\n archive_read_support_format_lha.c when extracting a\n specially crafted lha archive, related to\n lha_crc16.(CVE-2017-14503)\n\n - An out-of-bounds read flaw exists in parse_file_info in\n archive_read_support_format_iso9660.c in libarchive\n 3.3.2 when extracting a specially crafted iso9660 iso\n file, related to\n archive_read_format_iso9660_read_header.(CVE-2017-14501\n )\n\n - libarchive 3.3.2 allows remote attackers to cause a\n denial of service (xml_data heap-based buffer over-read\n and application crash) via a crafted xar archive,\n related to the mishandling of empty strings in the\n atol8 function in\n archive_read_support_format_xar.c.(CVE-2017-14166)\n\n - The mtree bidder in libarchive 3.2.1 does not keep\n track of line sizes when extending the read-ahead,\n which allows remote attackers to cause a denial of\n service (crash) via a crafted file, which triggers an\n invalid read in the (1) detect_form or (2) bid_entry\n function in\n libarchive/archive_read_support_format_mtree.c.(CVE-201\n 6-8688)\n\n - The archive_read_format_cab_read_header function in\n archive_read_support_format_cab.c in libarchive 3.2.2\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read and application crash) via\n a crafted file.(CVE-2016-10350)\n\n - The archive_le32dec function in archive_endian.h in\n libarchive 3.2.2 allows remote attackers to cause a\n denial of service (heap-based buffer over-read and\n application crash) via a crafted file.(CVE-2016-10349)\n\n - The archive_wstring_append_from_mbs function in\n archive_string.c in libarchive 3.2.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a crafted\n archive file.(CVE-2016-10209)\n\n - Integer overflow in the archive_read_format_tar_skip\n function in archive_read_support_format_tar.c in\n libarchive before 3.2.0 allows remote attackers to\n cause a denial of service (crash) via a crafted tar\n file.(CVE-2015-8933)\n\n - bsdcpio in libarchive before 3.2.0 allows remote\n attackers to cause a denial of service (invalid read\n and crash) via crafted cpio file.(CVE-2015-8915)\n\n - Absolute path traversal vulnerability in bsdcpio in\n libarchive 3.1.2 and earlier allows remote attackers to\n write to arbitrary files via a full pathname in an\n archive.(CVE-2015-2304)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2202\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0be7fa17\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libarchive packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libarchive\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libarchive-3.1.2-10.h7.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libarchive\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:43", "description": "Multiple security vulnerabilities were found in libarchive, a multi-format archive and compression library. Heap-based buffer over-reads, NULL pointer dereferences and out-of-bounds reads allow remote attackers to cause a denial of service (application crash) via specially crafted archive files.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 3.1.2-11+deb8u4.\n\nWe recommend that you upgrade your libarchive packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-30T00:00:00", "type": "nessus", "title": "Debian DLA-1600-1 : libarchive security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8915", "CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2016-8687", "CVE-2016-8688", "CVE-2016-8689", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14502", "CVE-2017-14503", "CVE-2017-5601"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bsdcpio", "p-cpe:/a:debian:debian_linux:bsdtar", "p-cpe:/a:debian:debian_linux:libarchive-dev", "p-cpe:/a:debian:debian_linux:libarchive13", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1600.NASL", "href": "https://www.tenable.com/plugins/nessus/119289", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1600-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119289);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8915\", \"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2016-8687\", \"CVE-2016-8688\", \"CVE-2016-8689\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14502\", \"CVE-2017-14503\", \"CVE-2017-5601\");\n\n script_name(english:\"Debian DLA-1600-1 : libarchive security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security vulnerabilities were found in libarchive, a\nmulti-format archive and compression library. Heap-based buffer\nover-reads, NULL pointer dereferences and out-of-bounds reads allow\nremote attackers to cause a denial of service (application crash) via\nspecially crafted archive files.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.1.2-11+deb8u4.\n\nWe recommend that you upgrade your libarchive packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libarchive\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsdcpio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsdtar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libarchive-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libarchive13\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"bsdcpio\", reference:\"3.1.2-11+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bsdtar\", reference:\"3.1.2-11+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libarchive-dev\", reference:\"3.1.2-11+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libarchive13\", reference:\"3.1.2-11+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:03:57", "description": "According to the versions of the libarchive package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.(CVE-2017-14502)\n\n - An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.(CVE-2017-5601)\n\n - Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.(CVE-2016-8687)\n\n - The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.(CVE-2016-8689)\n\n - libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.(CVE-2017-14503)\n\n - An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.(CVE-2017-14501 )\n\n - libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.(CVE-2017-14166)\n\n - The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.(CVE-201 6-8688)\n\n - The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10350)\n\n - The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10349)\n\n - The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.(CVE-2016-10209)\n\n - Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.(CVE-2015-8933)\n\n - bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.(CVE-2015-8915)\n\n - Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.(CVE-2015-2304)\n\n - archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.(CVE-2019-18408)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-03-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : libarchive (EulerOS-SA-2020-1226)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2304", "CVE-2015-8915", "CVE-2015-8933", "CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2016-8687", "CVE-2016-8688", "CVE-2016-8689", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14502", "CVE-2017-14503", "CVE-2017-5601", "CVE-2019-18408"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libarchive", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1226.NASL", "href": "https://www.tenable.com/plugins/nessus/134515", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134515);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-2304\",\n \"CVE-2015-8915\",\n \"CVE-2015-8933\",\n \"CVE-2016-10209\",\n \"CVE-2016-10349\",\n \"CVE-2016-10350\",\n \"CVE-2016-8687\",\n \"CVE-2016-8688\",\n \"CVE-2016-8689\",\n \"CVE-2017-14166\",\n \"CVE-2017-14501\",\n \"CVE-2017-14502\",\n \"CVE-2017-14503\",\n \"CVE-2017-5601\",\n \"CVE-2019-18408\"\n );\n script_bugtraq_id(\n 73137\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : libarchive (EulerOS-SA-2020-1226)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libarchive package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - read_header in archive_read_support_format_rar.c in\n libarchive 3.3.2 suffers from an off-by-one error for\n UTF-16 names in RAR archives, leading to an\n out-of-bounds read in\n archive_read_format_rar_read_header.(CVE-2017-14502)\n\n - An error in the lha_read_file_header_1() function\n (archive_read_support_format_lha.c) in libarchive 3.2.2\n allows remote attackers to trigger an out-of-bounds\n read memory access and subsequently cause a crash via a\n specially crafted archive.(CVE-2017-5601)\n\n - Stack-based buffer overflow in the safe_fprintf\n function in tar/util.c in libarchive 3.2.1 allows\n remote attackers to cause a denial of service via a\n crafted non-printable multibyte character in a\n filename.(CVE-2016-8687)\n\n - The read_Header function in\n archive_read_support_format_7zip.c in libarchive 3.2.1\n allows remote attackers to cause a denial of service\n (out-of-bounds read) via multiple EmptyStream\n attributes in a header in a 7zip\n archive.(CVE-2016-8689)\n\n - libarchive 3.3.2 suffers from an out-of-bounds read\n within lha_read_data_none() in\n archive_read_support_format_lha.c when extracting a\n specially crafted lha archive, related to\n lha_crc16.(CVE-2017-14503)\n\n - An out-of-bounds read flaw exists in parse_file_info in\n archive_read_support_format_iso9660.c in libarchive\n 3.3.2 when extracting a specially crafted iso9660 iso\n file, related to\n archive_read_format_iso9660_read_header.(CVE-2017-14501\n )\n\n - libarchive 3.3.2 allows remote attackers to cause a\n denial of service (xml_data heap-based buffer over-read\n and application crash) via a crafted xar archive,\n related to the mishandling of empty strings in the\n atol8 function in\n archive_read_support_format_xar.c.(CVE-2017-14166)\n\n - The mtree bidder in libarchive 3.2.1 does not keep\n track of line sizes when extending the read-ahead,\n which allows remote attackers to cause a denial of\n service (crash) via a crafted file, which triggers an\n invalid read in the (1) detect_form or (2) bid_entry\n function in\n libarchive/archive_read_support_format_mtree.c.(CVE-201\n 6-8688)\n\n - The archive_read_format_cab_read_header function in\n archive_read_support_format_cab.c in libarchive 3.2.2\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read and application crash) via\n a crafted file.(CVE-2016-10350)\n\n - The archive_le32dec function in archive_endian.h in\n libarchive 3.2.2 allows remote attackers to cause a\n denial of service (heap-based buffer over-read and\n application crash) via a crafted file.(CVE-2016-10349)\n\n - The archive_wstring_append_from_mbs function in\n archive_string.c in libarchive 3.2.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a crafted\n archive file.(CVE-2016-10209)\n\n - Integer overflow in the archive_read_format_tar_skip\n function in archive_read_support_format_tar.c in\n libarchive before 3.2.0 allows remote attackers to\n cause a denial of service (crash) via a crafted tar\n file.(CVE-2015-8933)\n\n - bsdcpio in libarchive before 3.2.0 allows remote\n attackers to cause a denial of service (invalid read\n and crash) via crafted cpio file.(CVE-2015-8915)\n\n - Absolute path traversal vulnerability in bsdcpio in\n libarchive 3.1.2 and earlier allows remote attackers to\n write to arbitrary files via a full pathname in an\n archive.(CVE-2015-2304)\n\n - archive_read_format_rar_read_data in\n archive_read_support_format_rar.c in libarchive before\n 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED\n situation, related to\n Ppmd7_DecodeSymbol.(CVE-2019-18408)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1226\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?15e85b10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libarchive packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libarchive\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libarchive-3.1.2-10.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libarchive\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:44", "description": "According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.(CVE-2019-1000020)\n\n - libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125:\n Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.(CVE-2019-1000019)\n\n - The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to 'overlapping memcpy.'(CVE-2015-8918)\n\n - read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.(CVE-2017-14502)\n\n - An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.(CVE-2017-5601)\n\n - Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.(CVE-2016-8687)\n\n - The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.(CVE-2016-8689)\n\n - libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.(CVE-2017-14503)\n\n - An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.(CVE-2017-14501 )\n\n - libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.(CVE-2017-14166)\n\n - The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.(CVE-201 6-8688)\n\n - The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10350)\n\n - The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10349)\n\n - The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.(CVE-2016-10209)\n\n - Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.(CVE-2015-8933)\n\n - bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.(CVE-2015-8915)\n\n - Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.(CVE-2015-2304)\n\n - archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.(CVE-2019-18408)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : libarchive (EulerOS-SA-2020-1488)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2304", "CVE-2015-8915", "CVE-2015-8918", "CVE-2015-8933", "CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2016-8687", "CVE-2016-8688", "CVE-2016-8689", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14502", "CVE-2017-14503", "CVE-2017-5601", "CVE-2019-1000019", "CVE-2019-1000020", "CVE-2019-18408"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libarchive", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2020-1488.NASL", "href": "https://www.tenable.com/plugins/nessus/135650", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135650);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-2304\",\n \"CVE-2015-8915\",\n \"CVE-2015-8918\",\n \"CVE-2015-8933\",\n \"CVE-2016-10209\",\n \"CVE-2016-10349\",\n \"CVE-2016-10350\",\n \"CVE-2016-8687\",\n \"CVE-2016-8688\",\n \"CVE-2016-8689\",\n \"CVE-2017-14166\",\n \"CVE-2017-14501\",\n \"CVE-2017-14502\",\n \"CVE-2017-14503\",\n \"CVE-2017-5601\",\n \"CVE-2019-1000019\",\n \"CVE-2019-1000020\",\n \"CVE-2019-18408\"\n );\n script_bugtraq_id(\n 73137\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : libarchive (EulerOS-SA-2020-1488)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libarchive package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - libarchive version commit\n 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards\n (version v2.8.0 onwards) contains a CWE-835: Loop with\n Unreachable Exit Condition ('Infinite Loop')\n vulnerability in ISO9660 parser,\n archive_read_support_format_iso9660.c,\n read_CE()/parse_rockridge() that can result in DoS by\n infinite loop. This attack appears to be exploitable\n via the victim opening a specially crafted ISO9660\n file.(CVE-2019-1000020)\n\n - libarchive version commit\n bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards\n (release v3.0.2 onwards) contains a CWE-125:\n Out-of-bounds Read vulnerability in 7zip decompression,\n archive_read_support_format_7zip.c, header_bytes() that\n can result in a crash (denial of service). This attack\n appears to be exploitable via the victim opening a\n specially crafted 7zip file.(CVE-2019-1000019)\n\n - The archive_string_append function in archive_string.c\n in libarchive before 3.2.0 allows remote attackers to\n cause a denial of service (crash) via a crafted cab\n files, related to 'overlapping memcpy.'(CVE-2015-8918)\n\n - read_header in archive_read_support_format_rar.c in\n libarchive 3.3.2 suffers from an off-by-one error for\n UTF-16 names in RAR archives, leading to an\n out-of-bounds read in\n archive_read_format_rar_read_header.(CVE-2017-14502)\n\n - An error in the lha_read_file_header_1() function\n (archive_read_support_format_lha.c) in libarchive 3.2.2\n allows remote attackers to trigger an out-of-bounds\n read memory access and subsequently cause a crash via a\n specially crafted archive.(CVE-2017-5601)\n\n - Stack-based buffer overflow in the safe_fprintf\n function in tar/util.c in libarchive 3.2.1 allows\n remote attackers to cause a denial of service via a\n crafted non-printable multibyte character in a\n filename.(CVE-2016-8687)\n\n - The read_Header function in\n archive_read_support_format_7zip.c in libarchive 3.2.1\n allows remote attackers to cause a denial of service\n (out-of-bounds read) via multiple EmptyStream\n attributes in a header in a 7zip\n archive.(CVE-2016-8689)\n\n - libarchive 3.3.2 suffers from an out-of-bounds read\n within lha_read_data_none() in\n archive_read_support_format_lha.c when extracting a\n specially crafted lha archive, related to\n lha_crc16.(CVE-2017-14503)\n\n - An out-of-bounds read flaw exists in parse_file_info in\n archive_read_support_format_iso9660.c in libarchive\n 3.3.2 when extracting a specially crafted iso9660 iso\n file, related to\n archive_read_format_iso9660_read_header.(CVE-2017-14501\n )\n\n - libarchive 3.3.2 allows remote attackers to cause a\n denial of service (xml_data heap-based buffer over-read\n and application crash) via a crafted xar archive,\n related to the mishandling of empty strings in the\n atol8 function in\n archive_read_support_format_xar.c.(CVE-2017-14166)\n\n - The mtree bidder in libarchive 3.2.1 does not keep\n track of line sizes when extending the read-ahead,\n which allows remote attackers to cause a denial of\n service (crash) via a crafted file, which triggers an\n invalid read in the (1) detect_form or (2) bid_entry\n function in\n libarchive/archive_read_support_format_mtree.c.(CVE-201\n 6-8688)\n\n - The archive_read_format_cab_read_header function in\n archive_read_support_format_cab.c in libarchive 3.2.2\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read and application crash) via\n a crafted file.(CVE-2016-10350)\n\n - The archive_le32dec function in archive_endian.h in\n libarchive 3.2.2 allows remote attackers to cause a\n denial of service (heap-based buffer over-read and\n application crash) via a crafted file.(CVE-2016-10349)\n\n - The archive_wstring_append_from_mbs function in\n archive_string.c in libarchive 3.2.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a crafted\n archive file.(CVE-2016-10209)\n\n - Integer overflow in the archive_read_format_tar_skip\n function in archive_read_support_format_tar.c in\n libarchive before 3.2.0 allows remote attackers to\n cause a denial of service (crash) via a crafted tar\n file.(CVE-2015-8933)\n\n - bsdcpio in libarchive before 3.2.0 allows remote\n attackers to cause a denial of service (invalid read\n and crash) via crafted cpio file.(CVE-2015-8915)\n\n - Absolute path traversal vulnerability in bsdcpio in\n libarchive 3.1.2 and earlier allows remote attackers to\n write to arbitrary files via a full pathname in an\n archive.(CVE-2015-2304)\n\n - archive_read_format_rar_read_data in\n archive_read_support_format_rar.c in libarchive before\n 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED\n situation, related to\n Ppmd7_DecodeSymbol.(CVE-2019-18408)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1488\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e4a17127\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libarchive packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libarchive\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libarchive-3.1.2-10.h8.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libarchive\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-01-29T20:07:23", "description": "It was discovered that there was a denial of service vulnerability in the\nlibarchive multi-format compression library. A specially-crafted .xar\narchive could cause via a heap-based buffer over-read.", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for libarchive (DLA-1092-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14166"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891092", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891092", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891092\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-14166\");\n script_name(\"Debian LTS: Security Advisory for libarchive (DLA-1092-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00009.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"libarchive on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', this issue has been fixed in libarchive version\n3.0.4-3+wheezy6+deb7u1.\n\nWe recommend that you upgrade your libarchive packages.\");\n\n script_tag(name:\"summary\", value:\"It was discovered that there was a denial of service vulnerability in the\nlibarchive multi-format compression library. A specially-crafted .xar\narchive could cause via a heap-based buffer over-read.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"bsdcpio\", ver:\"3.0.4-3+wheezy6+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bsdtar\", ver:\"3.0.4-3+wheezy6+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libarchive-dev\", ver:\"3.0.4-3+wheezy6+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libarchive12\", ver:\"3.0.4-3+wheezy6+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:40:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-1849)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14166", "CVE-2017-14501"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191849", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191849", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1849\");\n script_version(\"2020-01-23T12:24:43+0000\");\n script_cve_id(\"CVE-2017-14166\", \"CVE-2017-14501\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:24:43 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:24:43 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-1849)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1849\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1849\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libarchive' package(s) announced via the EulerOS-SA-2019-1849 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.(CVE-2017-14166)\n\nAn out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.(CVE-2017-14501)\");\n\n script_tag(name:\"affected\", value:\"'libarchive' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive\", rpm:\"libarchive~3.1.2~10.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:34:10", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-2322)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14166", "CVE-2017-14503", "CVE-2017-14501"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192322", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192322", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2322\");\n script_version(\"2020-01-23T12:47:05+0000\");\n script_cve_id(\"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14503\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:47:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:47:05 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-2322)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.3\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2322\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2322\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libarchive' package(s) announced via the EulerOS-SA-2019-2322 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.(CVE-2017-14166)\n\nAn out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.(CVE-2017-14501)\n\nlibarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.(CVE-2017-14503)\");\n\n script_tag(name:\"affected\", value:\"'libarchive' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.3.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.3.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive\", rpm:\"libarchive~3.3.2~2.h4.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.3.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for libarchive FEDORA-2018-7734354526", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10349", "CVE-2017-14502", "CVE-2017-14166", "CVE-2017-14503", "CVE-2017-14501", "CVE-2016-10350"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875610", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875610", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875610\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14502\", \"CVE-2017-14503\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:11:57 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for libarchive FEDORA-2018-7734354526\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7734354526\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GW5LXYQOJHWBJIZWPM5VHHPPC4B53P3M\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libarchive'\n package(s) announced via the FEDORA-2018-7734354526 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Libarchive is a programming library that can create and read several different\nstreaming archive formats, including most popular tar variants, several cpio\nformats, and both BSD and GNU ar variants. It can also write shar archives and\nread ISO9660 CDROM images and ZIP archives.\");\n\n script_tag(name:\"affected\", value:\"'libarchive' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive\", rpm:\"libarchive~3.3.3~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-04T00:00:00", "type": "openvas", "title": "Fedora Update for libarchive FEDORA-2018-20c24949c0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10349", "CVE-2017-14502", "CVE-2017-14166", "CVE-2017-14503", "CVE-2017-14501", "CVE-2016-10350"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875306", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875306", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_20c24949c0_libarchive_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libarchive FEDORA-2018-20c24949c0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875306\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14502\", \"CVE-2017-14503\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 08:23:42 +0100 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for libarchive FEDORA-2018-20c24949c0\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-20c24949c0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QAHTQQHWOKYDFRYOU5GWTJVHWQNV32FQ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libarchive'\n package(s) announced via the FEDORA-2018-20c24949c0 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"libarchive on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"libarchive\", rpm:\"libarchive~3.3.3~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for libarchive USN-3736-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10349", "CVE-2016-10209", "CVE-2017-14166", "CVE-2017-14503", "CVE-2017-14501", "CVE-2016-10350"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843733", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843733", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3736_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for libarchive USN-3736-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843733\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14503\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:12:58 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for libarchive USN-3736-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3736-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3736-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libarchive'\n package(s) announced via the USN-3736-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that libarchive incorrectly handled certain archive\nfiles. A remote attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu\n16.04 LTS. (CVE-2016-10209, CVE-2016-10349, CVE-2016-10350)\n\nAgostino Sarubbo discovered that libarchive incorrectly handled certain\nXAR files. A remote attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu\n16.04 LTS. (CVE-2017-14166)\n\nIt was discovered that libarchive incorrectly handled certain files.\nA remote attacker could possibly use this issue to get access to\nsensitive information. (CVE-2017-14501, CVE-2017-14503)\");\n\n script_tag(name:\"affected\", value:\"libarchive on Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libarchive13\", ver:\"3.1.2-7ubuntu2.6\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libarchive13\", ver:\"3.2.2-3.1ubuntu0.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libarchive13\", ver:\"3.1.2-11ubuntu0.16.04.4\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T17:34:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-10T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for libarchive (openSUSE-SU-2018:3717-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10349", "CVE-2016-10209", "CVE-2017-14502", "CVE-2017-14166", "CVE-2017-14503", "CVE-2017-14501", "CVE-2016-10350"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852119", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852119", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852119\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2017-14166\",\n \"CVE-2017-14501\", \"CVE-2017-14502\", \"CVE-2017-14503\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-10 05:59:19 +0100 (Sat, 10 Nov 2018)\");\n script_name(\"openSUSE: Security Advisory for libarchive (openSUSE-SU-2018:3717-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3717-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00017.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libarchive'\n package(s) announced via the openSUSE-SU-2018:3717-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libarchive fixes the following issues:\n\n - CVE-2016-10209: The archive_wstring_append_from_mbs function in\n archive_string.c allowed remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a crafted archive\n file. (bsc#1032089)\n\n - CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed\n remote attackers to cause a denial of service (heap-based buffer\n over-read and application crash) via a crafted file. (bsc#1037008)\n\n - CVE-2016-10350: The archive_read_format_cab_read_header function in\n archive_read_support_format_cab.c allowed remote attackers to cause a\n denial of service (heap-based buffer over-read and application crash)\n via a crafted file. (bsc#1037009)\n\n - CVE-2017-14166: libarchive allowed remote attackers to cause a denial of\n service (xml_data heap-based buffer over-read and application crash) via\n a crafted xar archive, related to the mishandling of empty strings in\n the atol8 function in archive_read_support_format_xar.c. (bsc#1057514)\n\n - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in\n archive_read_support_format_iso9660.c when extracting a specially\n crafted iso9660 iso file, related to\n archive_read_format_iso9660_read_header. (bsc#1059139)\n\n - CVE-2017-14502: read_header in archive_read_support_format_rar.c\n suffered from an off-by-one error for UTF-16 names in RAR archives,\n leading to an out-of-bounds read in archive_read_format_rar_read_header.\n (bsc#1059134)\n\n - CVE-2017-14503: libarchive suffered from an out-of-bounds read within\n lha_read_data_none() in archive_read_support_format_lha.c when\n extracting a specially crafted lha archive, related to lha_crc16.\n (bsc#1059100)\n\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1366=1\");\n\n script_tag(name:\"affected\", value:\"libarchive on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"bsdtar\", rpm:\"bsdtar~3.1.2~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bsdtar-debuginfo\", rpm:\"bsdtar-debuginfo~3.1.2~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive-debugsource\", rpm:\"libarchive-debugsource~3.1.2~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive-devel\", rpm:\"libarchive-devel~3.1.2~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive13\", rpm:\"libarchive13~3.1.2~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive13-debuginfo\", rpm:\"libarchive13-debuginfo~3.1.2~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive13-32bit\", rpm:\"libarchive13-32bit~3.1.2~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive13-debuginfo-32bit\", rpm:\"libarchive13-debuginfo-32bit~3.1.2~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-04T18:55:34", "description": "Multiple security issues were found in libarchive, a multi-format archive\nand compression library: Processing malformed RAR archives could result\nin denial of service or the execution of arbitrary code and malformed\nWARC, LHarc, ISO, Xar or CAB archives could result in denial of service.", "cvss3": {}, "published": "2018-12-27T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4360-1 (libarchive - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000877", "CVE-2016-10349", "CVE-2016-10209", "CVE-2018-1000878", "CVE-2017-14502", "CVE-2017-14166", "CVE-2017-14503", "CVE-2018-1000880", "CVE-2017-14501", "CVE-2016-10350"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704360", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4360-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704360\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2017-14166\", \"CVE-2017-14501\",\n \"CVE-2017-14502\", \"CVE-2017-14503\", \"CVE-2018-1000877\", \"CVE-2018-1000878\", \"CVE-2018-1000880\");\n script_name(\"Debian Security Advisory DSA 4360-1 (libarchive - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-12-27 00:00:00 +0100 (Thu, 27 Dec 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4360.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"libarchive on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 3.2.2-2+deb9u1.\n\nWe recommend that you upgrade your libarchive packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/libarchive\");\n script_tag(name:\"summary\", value:\"Multiple security issues were found in libarchive, a multi-format archive\nand compression library: Processing malformed RAR archives could result\nin denial of service or the execution of arbitrary code and malformed\nWARC, LHarc, ISO, Xar or CAB archives could result in denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"bsdcpio\", ver:\"3.2.2-2+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bsdtar\", ver:\"3.2.2-2+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libarchive-dev\", ver:\"3.2.2-2+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libarchive-tools\", ver:\"3.2.2-2+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libarchive13\", ver:\"3.2.2-2+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:40:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-2604)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18408", "CVE-2016-10349", "CVE-2016-10209", "CVE-2017-14166", "CVE-2017-14503", "CVE-2015-2304", "CVE-2015-8915", "CVE-2016-8688", "CVE-2017-14501", "CVE-2016-10350"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192604", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192604", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2604\");\n script_version(\"2020-01-23T13:08:57+0000\");\n script_cve_id(\"CVE-2015-2304\", \"CVE-2015-8915\", \"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2016-8688\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14503\", \"CVE-2019-18408\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:08:57 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:08:57 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-2604)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2604\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2604\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libarchive' package(s) announced via the EulerOS-SA-2019-2604 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.(CVE-2015-2304)\n\nAn out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.(CVE-2017-14501)\n\narchive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.(CVE-2019-18408)\n\nbsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.(CVE-2015-8915)\n\nlibarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.(CVE-2017-14166)\n\nlibarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.(CVE-2017-14503)\n\nThe archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10349)\n\nThe archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10350)\n\nThe archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.(CVE-2016-10209)\n\nThe mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.(CVE-2016-8688)\");\n\n script_tag(name:\"affected\", value:\"'libarchive' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive\", rpm:\"libarchive~3.1.2~10.h7\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:06", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-2202)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8687", "CVE-2016-10349", "CVE-2016-10209", "CVE-2017-14166", "CVE-2017-14503", "CVE-2016-8689", "CVE-2015-2304", "CVE-2015-8915", "CVE-2015-8933", "CVE-2016-8688", "CVE-2017-14501", "CVE-2016-10350"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192202", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192202", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2202\");\n script_version(\"2020-01-23T12:38:34+0000\");\n script_cve_id(\"CVE-2015-2304\", \"CVE-2015-8915\", \"CVE-2015-8933\", \"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2016-8687\", \"CVE-2016-8688\", \"CVE-2016-8689\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14503\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:38:34 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:38:34 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-2202)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2202\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2202\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libarchive' package(s) announced via the EulerOS-SA-2019-2202 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.(CVE-2016-8689)\n\nStack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.(CVE-2016-8687)\n\nlibarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.(CVE-2017-14503)\n\nAn out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.(CVE-2017-14501)\n\nlibarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.(CVE-2017-14166)\n\nThe mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.(CVE-2016-8688)\n\nThe archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10350)\n\nThe archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10349)\n\nThe archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.(CVE-2016-10209)\n\nInteger overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.(CVE-2015-8933)\n\nbsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.(CVE-2015-8915)\n\nAbsolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.(CVE-2015-2304)\");\n\n script_tag(name:\"affected\", value:\"'libarchive' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive\", rpm:\"libarchive~3.1.2~10.h7.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-01-29T20:11:44", "description": "Multiple security vulnerabilities were found in libarchive, a\nmulti-format archive and compression library. Heap-based buffer\nover-reads, NULL pointer dereferences and out-of-bounds reads allow\nremote attackers to cause a denial-of-service (application crash) via\nspecially crafted archive files.", "cvss3": {}, "published": "2018-11-30T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for libarchive (DLA-1600-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8687", "CVE-2016-10349", "CVE-2016-10209", "CVE-2017-14502", "CVE-2017-14166", "CVE-2017-5601", "CVE-2017-14503", "CVE-2016-8689", "CVE-2015-8915", "CVE-2016-8688", "CVE-2017-14501", "CVE-2016-10350"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891600", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891600", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891600\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2015-8915\", \"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2016-8687\",\n \"CVE-2016-8688\", \"CVE-2016-8689\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14502\",\n \"CVE-2017-14503\", \"CVE-2017-5601\");\n script_name(\"Debian LTS: Security Advisory for libarchive (DLA-1600-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-30 00:00:00 +0100 (Fri, 30 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"libarchive on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n3.1.2-11+deb8u4.\n\nWe recommend that you upgrade your libarchive packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities were found in libarchive, a\nmulti-format archive and compression library. Heap-based buffer\nover-reads, NULL pointer dereferences and out-of-bounds reads allow\nremote attackers to cause a denial-of-service (application crash) via\nspecially crafted archive files.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"bsdcpio\", ver:\"3.1.2-11+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bsdtar\", ver:\"3.1.2-11+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libarchive-dev\", ver:\"3.1.2-11+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libarchive13\", ver:\"3.1.2-11+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-14T16:54:11", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-03-13T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2020-1226)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8687", "CVE-2019-18408", "CVE-2016-10349", "CVE-2016-10209", "CVE-2017-14502", "CVE-2017-14166", "CVE-2017-5601", "CVE-2017-14503", "CVE-2016-8689", "CVE-2015-2304", "CVE-2015-8915", "CVE-2015-8933", "CVE-2016-8688", "CVE-2017-14501", "CVE-2016-10350"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562311220201226", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201226", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1226\");\n script_version(\"2020-03-13T07:15:55+0000\");\n script_cve_id(\"CVE-2015-2304\", \"CVE-2015-8915\", \"CVE-2015-8933\", \"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2016-8687\", \"CVE-2016-8688\", \"CVE-2016-8689\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14502\", \"CVE-2017-14503\", \"CVE-2017-5601\", \"CVE-2019-18408\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:15:55 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-13 07:15:55 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2020-1226)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1226\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1226\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libarchive' package(s) announced via the EulerOS-SA-2020-1226 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.(CVE-2017-14502)\n\nAn error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.(CVE-2017-5601)\n\nStack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.(CVE-2016-8687)\n\nThe read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.(CVE-2016-8689)\n\nlibarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.(CVE-2017-14503)\n\nAn out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.(CVE-2017-14501)\n\nlibarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.(CVE-2017-14166)\n\nThe mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.(CVE-2016-8688)\n\nThe archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10350)\n\nThe archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.(CVE-2016-10349)\n\nThe archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL p ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'libarchive' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive\", rpm:\"libarchive~3.1.2~10.h8\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-04-17T16:57:28", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2020-1488)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8918", "CVE-2016-8687", "CVE-2019-1000019", "CVE-2019-18408", "CVE-2016-10349", "CVE-2016-10209", "CVE-2017-14502", "CVE-2017-14166", "CVE-2017-5601", "CVE-2017-14503", "CVE-2016-8689", "CVE-2015-2304", "CVE-2015-8915", "CVE-2015-8933", "CVE-2016-8688", "CVE-2019-1000020", "CVE-2017-14501", "CVE-2016-10350"], "modified": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201488", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1488\");\n script_version(\"2020-04-16T05:58:06+0000\");\n script_cve_id(\"CVE-2015-2304\", \"CVE-2015-8915\", \"CVE-2015-8918\", \"CVE-2015-8933\", \"CVE-2016-10209\", \"CVE-2016-10349\", \"CVE-2016-10350\", \"CVE-2016-8687\", \"CVE-2016-8688\", \"CVE-2016-8689\", \"CVE-2017-14166\", \"CVE-2017-14501\", \"CVE-2017-14502\", \"CVE-2017-14503\", \"CVE-2017-5601\", \"CVE-2019-1000019\", \"CVE-2019-1000020\", \"CVE-2019-18408\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:58:06 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:58:06 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2020-1488)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.2\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1488\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1488\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libarchive' package(s) announced via the EulerOS-SA-2020-1488 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.(CVE-2019-1000020)\n\nlibarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.(CVE-2019-1000019)\n\nThe archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to 'overlapping memcpy.'(CVE-2015-8918)\n\nread_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.(CVE-2017-14502)\n\nAn error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.(CVE-2017-5601)\n\nStack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.(CVE-2016-8687)\n\nThe read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.(CVE-2016-8689)\n\nlibarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.(CVE-2017-14503)\n\nAn out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.(CVE-2017-14501)\n\nlibarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty str ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'libarchive' package(s) on Huawei EulerOS Virtualization 3.0.2.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.2.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libarchive\", rpm:\"libarchive~3.1.2~10.h8.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "redhatcve": [{"lastseen": "2021-10-13T16:51:23", "description": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-08T14:00:19", "type": "redhatcve", "title": "CVE-2017-14166", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14166"], "modified": "2021-10-13T16:45:05", "id": "RH:CVE-2017-14166", "href": "https://access.redhat.com/security/cve/cve-2017-14166", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2023-12-06T18:47:11", "description": "Package : libarchive\nVersion : 3.0.4-3+wheezy6+deb7u1\nCVE ID : CVE-2017-14166\nDebian Bug : #874539\n\nIt was discovered that there was a denial of service vulnerability in the\nlibarchive multi-format compression library. A specially-crafted .xar\narchive could cause via a heap-based buffer over-read.\n\nFor Debian 7 "Wheezy", this issue has been fixed in libarchive version\n3.0.4-3+wheezy6+deb7u1.\n\nWe recommend that you upgrade your libarchive packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-08T09:00:00", "type": "debian", "title": "[SECURITY] [DLA 1092-1] libarchive security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14166"], "modified": "2017-09-08T09:00:00", "id": "DEBIAN:DLA-1092-1:77BA9", "href": "https://lists.debian.org/debian-lts-announce/2017/09/msg00009.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-08T10:48:45", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4360-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 27, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libarchive\nCVE ID : CVE-2016-10209 CVE-2016-10349 CVE-2016-10350\n CVE-2017-14166 CVE-2017-14501 CVE-2017-14502\n\t\t CVE-2017-14503 CVE-2018-1000877 CVE-2018-1000878\n\t\t CVE-2018-1000880\n\nMultiple security issues were found in libarchive, a multi-format archive\nand compression library: Processing malformed RAR archives could result\nin denial of service or the execution of arbitrary code and malformed\nWARC, LHarc, ISO, Xar or CAB archives could result in denial of service.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 3.2.2-2+deb9u1.\n\nWe recommend that you upgrade your libarchive packages.\n\nFor the detailed security status of libarchive please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libarchive\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-12-27T16:40:27", "type": "debian", "title": "[SECURITY] [DSA 4360-1] libarchive security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14502", "CVE-2017-14503", "CVE-2018-1000877", "CVE-2018-1000878", "CVE-2018-1000880"], "modified": "2018-12-27T16:40:27", "id": "DEBIAN:DSA-4360-1:DDB49", "href": "https://lists.debian.org/debian-security-announce/2018/msg00293.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T16:55:26", "description": "Package : libarchive\nVersion : 3.1.2-11+deb8u4\nCVE ID : CVE-2015-8915 CVE-2016-8687 CVE-2016-8688\n CVE-2016-8689 CVE-2016-10209 CVE-2016-10349\n CVE-2016-10350 CVE-2017-5601 CVE-2017-14166\n CVE-2017-14501 CVE-2017-14502 CVE-2017-14503\nDebian Bug : 853278 875960 875974 875966 874539 840934\n 840935 861609 859456 861609 784213\n\nMultiple security vulnerabilities were found in libarchive, a\nmulti-format archive and compression library. Heap-based buffer\nover-reads, NULL pointer dereferences and out-of-bounds reads allow\nremote attackers to cause a denial-of-service (application crash) via\nspecially crafted archive files.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.1.2-11+deb8u4.\n\nWe recommend that you upgrade your libarchive packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-11-29T22:32:50", "type": "debian", "title": "[SECURITY] [DLA 1600-1] libarchive security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8915", "CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2016-8687", "CVE-2016-8688", "CVE-2016-8689", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14502", "CVE-2017-14503", "CVE-2017-5601"], "modified": "2018-11-29T22:32:50", "id": "DEBIAN:DLA-1600-1:DC924", "href": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-22T13:20:07", "description": "Package : libarchive\nVersion : 3.1.2-11+deb8u4\nCVE ID : CVE-2015-8915 CVE-2016-8687 CVE-2016-8688\n CVE-2016-8689 CVE-2016-10209 CVE-2016-10349\n CVE-2016-10350 CVE-2017-5601 CVE-2017-14166\n CVE-2017-14501 CVE-2017-14502 CVE-2017-14503\nDebian Bug : 853278 875960 875974 875966 874539 840934\n 840935 861609 859456 861609 784213\n\nMultiple security vulnerabilities were found in libarchive, a\nmulti-format archive and compression library. Heap-based buffer\nover-reads, NULL pointer dereferences and out-of-bounds reads allow\nremote attackers to cause a denial-of-service (application crash) via\nspecially crafted archive files.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.1.2-11+deb8u4.\n\nWe recommend that you upgrade your libarchive packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-11-29T22:32:50", "type": "debian", "title": "[SECURITY] [DLA 1600-1] libarchive security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8915", "CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2016-8687", "CVE-2016-8688", "CVE-2016-8689", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14502", "CVE-2017-14503", "CVE-2017-5601"], "modified": "2018-11-29T22:32:50", "id": "DEBIAN:DLA-1600-1:3AE4E", "href": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-12-06T18:23:45", "description": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-06T18:29:00", "type": "debiancve", "title": "CVE-2017-14166", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14166"], "modified": "2017-09-06T18:29:00", "id": "DEBIANCVE:CVE-2017-14166", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14166", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-12-06T14:33:09", "description": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-06T18:29:00", "type": "cve", "title": "CVE-2017-14166", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14166"], "modified": "2019-08-15T18:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:libarchive:libarchive:3.3.2", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2017-14166", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14166", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:libarchive:libarchive:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}], "osv": [{"lastseen": "2022-08-05T05:18:00", "description": "\nIt was discovered that there was a denial of service vulnerability in the\nlibarchive multi-format compression library. A specially-crafted .xar\narchive could cause via a heap-based buffer over-read.\n\n\nFor Debian 7 Wheezy, this issue has been fixed in libarchive version\n3.0.4-3+wheezy6+deb7u1.\n\n\nWe recommend that you upgrade your libarchive packages.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-08T00:00:00", "type": "osv", "title": "libarchive - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14166"], "modified": "2022-08-05T05:17:57", "id": "OSV:DLA-1092-1", "href": "https://osv.dev/vulnerability/DLA-1092-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-10T07:06:59", "description": "\nMultiple security issues were found in libarchive, a multi-format archive\nand compression library: Processing malformed RAR archives could result\nin denial of service or the execution of arbitrary code and malformed\nWARC, LHarc, ISO, Xar or CAB archives could result in denial of service.\n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 3.2.2-2+deb9u1.\n\n\nWe recommend that you upgrade your libarchive packages.\n\n\nFor the detailed security status of libarchive please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/libarchive](https://security-tracker.debian.org/tracker/libarchive)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-12-27T00:00:00", "type": "osv", "title": "libarchive - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000877", "CVE-2016-10349", "CVE-2016-10209", "CVE-2018-1000878", "CVE-2017-14502", "CVE-2017-14166", "CVE-2017-14503", "CVE-2018-1000880", "CVE-2017-14501", "CVE-2016-10350"], "modified": "2022-08-10T07:06:57", "id": "OSV:DSA-4360-1", "href": "https://osv.dev/vulnerability/DSA-4360-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:11:50", "description": "\nMultiple security vulnerabilities were found in libarchive, a\nmulti-format archive and compression library. Heap-based buffer\nover-reads, NULL pointer dereferences and out-of-bounds reads allow\nremote attackers to cause a denial-of-service (application crash) via\nspecially crafted archive files.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n3.1.2-11+deb8u4.\n\n\nWe recommend that you upgrade your libarchive packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-11-29T00:00:00", "type": "osv", "title": "libarchive - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8687", "CVE-2016-10349", "CVE-2016-10209", "CVE-2017-14502", "CVE-2017-14166", "CVE-2017-5601", "CVE-2017-14503", "CVE-2016-8689", "CVE-2015-8915", "CVE-2016-8688", "CVE-2017-14501", "CVE-2016-10350"], "modified": "2022-07-21T06:02:25", "id": "OSV:DLA-1600-1", "href": "https://osv.dev/vulnerability/DLA-1600-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-11-22T03:03:33", "description": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-06T18:29:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14166"], "modified": "2019-08-15T18:15:00", "id": "PRION:CVE-2017-14166", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-14166", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-06T15:24:40", "description": "libarchive 3.3.2 allows remote attackers to cause a denial of service\n(xml_data heap-based buffer over-read and application crash) via a crafted\nxar archive, related to the mishandling of empty strings in the atol8\nfunction in archive_read_support_format_xar.c.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874539>\n * <https://github.com/libarchive/libarchive/issues/935>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-06T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14166", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14166"], "modified": "2017-09-06T00:00:00", "id": "UB:CVE-2017-14166", "href": "https://ubuntu.com/security/CVE-2017-14166", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2023-12-06T18:17:34", "description": "## Summary\n\nlibarchive is present in the IBM App Connect Enterprise Certified Container images as part of the base operating system. IBM App Connect Enterprise Certified Container images may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in libarchive. [CVE-2017-14166]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2017-14166](<https://vulners.com/cve/CVE-2017-14166>) \n** DESCRIPTION: **libarchive is vulnerable to a denial of service, caused by a xml_data heap-based buffer over-read issue in the atol8 function in archive_read_support_format_xar.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131555](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131555>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nApp Connect Enterprise Certified Container| 4.1 \nApp Connect Enterprise Certified Container| 4.2 \nApp Connect Enterprise Certified Container| 5.0-lts \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests the following: \n**App Connect Enterprise Certified Container 4.1.x to 5.0.x (Continuous Delivery)**\n\nUpgrade to App Connect Enterprise Certified Container Operator version 5.1.0 or higher, and ensure that all components are at 12.0.5.0-r2 or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect/containers_cd?topic=releases-upgrading-operator>\n\n \nApp Connect Enterprise Certified Container 5.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 5.0.1 or higher, and ensure that all components are at 12.0.6.0-r1-lts or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect-contlts?topic=releases-upgrading-operator>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-03-28T10:20:14", "type": "ibm", "title": "Security Bulletin: IBM App Connect Enterprise Certified Container images may be vulnerable to denial of service due to libarchive [CVE-2017-14166]", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14166"], "modified": "2023-03-28T10:20:14", "id": "E43AFA46DF711A5E2AE5BE51AB107F1495B08D847775CA8983EBB8F7C4D7EED5", "href": "https://www.ibm.com/support/pages/node/6966610", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:48:15", "description": "## Summary\n\nMultiple libarchive vulnerabilities affect Watson Explorer.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-14166](<https://vulners.com/cve/CVE-2017-14166>) \n**DESCRIPTION:** libarchive is vulnerable to a denial of service, caused by a xml_data heap-based buffer over-read issue in the atol8 function in archive_read_support_format_xar.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131555> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-14501](<https://vulners.com/cve/CVE-2017-14501>) \n**DESCRIPTION:** libarchive is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the parse_file_info function in archive_read_support_format_iso9660.c. By persuading a victim to extract a specially-crafted iso file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132122> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-14502](<https://vulners.com/cve/CVE-2017-14502>) \n**DESCRIPTION:** libarchive is vulnerable to a buffer overflow, caused by improper bounds checking by the read_header function in archive_read_support_format_rar.c. By persuading a victim to open a specially-crafted RAR file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132123> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-14503](<https://vulners.com/cve/CVE-2017-14503>) \n**DESCRIPTION: **libarchive is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the lha_read_data_none function in archive_read_support_format_lha.c. By persuading a victim to extract a specially-crafted lha archive, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132124> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThese vulnerabilities apply to the following products and versions:\n\n * Watson Explorer Foundational Components version 10.0.0.5 and earlier.\n * Watson Explorer Foundational Components version 11.0.0.3 and earlier, version 11.0.1, version 11.0.2.\n * Watson Explorer Foundational Components version 12.0.1 and earlier.\n\n## Remediation/Fixes\n\nFollow these steps to upgrade to the required version of libarchive. The table reflects product names at the time the specified versions were released. To use the link to Fix Central in this table, you must first log in to the IBM Support: Fix Central site at [_http://www.ibm.com/support/fixcentral/_](<http://www.ibm.com/support/fixcentral/>). \n\n\n**Affected Product** | **Affected Versions** | **How to acquire and apply the fix** \n---|---|--- \nIBM Watson Explorer DAE Foundational Components | \n\n12.0.0,\n\n12.0.1\n\n| \n\nUpgrade to Version 12.0.2 or later. \n\n\nSee [Watson Explorer Version 12.0.2.2 Foundational Components](<https://www.ibm.com/support/docview.wss?uid=ibm10872994>) for download information and instructions. \n \nIBM Watson Explorer Foundational Components | 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2 - 11.0.2.3 | Upgrade to Version 11.0.2.4 or later. \n \nSee [Watson Explorer Version 11.0.2.5 Foundational Components](<http://www.ibm.com/support/docview.wss?uid=ibm10878092>) for download information and instructions. \nIBM Watson Explorer Foundational Components | 10.0.0.0 - 10.0.0.5 | \n\nUpgrade to 10.0.0.6.\n\nSee [Watson Explorer Version 10.0.0.6 Foundational Components](<http://www.ibm.com/support/docview.wss?uid=ibm10877462>) for download information and instructions. \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-03-29T08:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect Watson Explorer (CVE-2017-14166, CVE-2017-14501, CVE-2017-14502, CVE-2017-14503)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14502", "CVE-2017-14503"], "modified": "2019-03-29T08:10:01", "id": "B62D8810A9F9CE7BA2083D51187066D68816FFD4EBF6BF909B47034366888437", "href": "https://www.ibm.com/support/pages/node/878841", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-06T18:04:49", "description": "## Summary\n\nMultiple issues were identified in Red Hat UBI packages libcurl, openssl, gnutls, libarchive and libsepol that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-0286](<https://vulners.com/cve/CVE-2023-0286>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName. By passing arbitrary pointers to a memcmp call, a remote attacker could exploit this vulnerability to read memory contents or cause a denial of service. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246611](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246611>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H) \n \n** CVEID: **[CVE-2023-23914](<https://vulners.com/cve/CVE-2023-23914>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the HSTS function when multiple URLs are requested serially. By sniffing the network traffic, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247433](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247433>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2023-23915](<https://vulners.com/cve/CVE-2023-23915>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the HSTS function when multiple URLs are requested in parallel. By sniffing the network traffic, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247436](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247436>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2023-23916](<https://vulners.com/cve/CVE-2023-23916>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a flaw in the decompression chain implementation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause memory errors, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247437](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247437>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40897](<https://vulners.com/cve/CVE-2022-40897>) \n** DESCRIPTION: **Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially crafted regular expression, an remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/243028](<https://exchange.xforce.ibmcloud.com/vulnerabilities/243028>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-0361](<https://vulners.com/cve/CVE-2023-0361>) \n** DESCRIPTION: **GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing side-channel flaw in the handling of RSA ClientKeyExchange messages. By recovering the secret from the ClientKeyExchange message, an attacker could exploit this vulnerability to decrypt the application data exchanged over that connection, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247680](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247680>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2017-14166](<https://vulners.com/cve/CVE-2017-14166>) \n** DESCRIPTION: **libarchive is vulnerable to a denial of service, caused by a xml_data heap-based buffer over-read issue in the atol8 function in archive_read_support_format_xar.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131555](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131555>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-4304](<https://vulners.com/cve/CVE-2022-4304>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246612](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246612>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-4450](<https://vulners.com/cve/CVE-2022-4450>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEM_read_bio_ex() function. By sending specially crafted PEM files for parsing, a remote attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246615](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246615>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-0215](<https://vulners.com/cve/CVE-2023-0215>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a use-after-free error related to the incorrect handling of streaming ASN.1 data by the BIO_new_NDEF function. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246614](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246614>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** IBM X-Force ID: **221405 \n** DESCRIPTION: **SELinux Project SELinux Userspace is vulnerable to a denial of service, caused by a toHeap-use-after-free flaw in the cil_reset_classperms_set function in libsepol/cil/src/cil_reset_ast.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition or obtain sensitive information. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/221405 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221405>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \n \nIBM MQ Operator\n\n| \n\nCD: v2.3.1 and prior releases \nLTS: v2.0.9 and prior releases \n \nIBM supplied MQ Advanced container images\n\n| \n\n9.3.2.0-r2, 9.3.0.4-r2 and prior releases \n \n \n## Remediation/Fixes\n\nIssue mentioned by this security bulletin is addressed in IBM MQ Operator v2.3.2 CD release that included IBM supplied MQ Advanced 9.3.2.1-r1 container image and IBM MQ Operator v2.0.10 LTS release that included IBM supplied MQ Advanced 9.3.0.5-r1 container image. \n \nIBM strongly recommends addressing the vulnerability now \n \n\n\n**IBM MQ Operator 2.3.2 CD release details: \n \n**\n\n**Image**\n\n| \n\n**Fix Version**\n\n| \n\n**Registry**\n\n| \n\n**Image Location** \n \n---|---|---|--- \n \nibm-mq-operator\n\n| \n\nv2.3.2\n\n| \n\nicr.io\n\n| \n\nicr.io/cpopen/ibm-mq-operator@sha256:d409a7d9b0bd1601d5085d85d771476d088a57ec7fc8ddeb0eb1d8bba367e55a \n \nibm-mqadvanced-server\n\n| \n\n9.3.2.1-r1\n\n| \n\ncp.icr.io\n\n| \n\ncp.icr.io/cp/ibm-mqadvanced-server@sha256:0cb3859e85a426919c28aeb9c981fc712ad1fd8a58e9f7e9034273b077654de7 \n \nibm-mqadvanced-server-integration\n\n| \n\n9.3.2.1-r1\n\n| \n\ncp.icr.io\n\n| \n\ncp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:3ac069f660138f5b8aa0697d4ab14546a8b036c404fa0ddf0655fa76f71f8feb \n \nibm-mqadvanced-server-dev\n\n| \n\n9.3.2.1-r1\n\n| \n\nicr.io\n\n| \n\nicr.io/ibm-messaging/mq@sha256:c43cd3ba98e61dd421465d32afa3b8be4c177c851dc78eaf6681174988ca1d2d \n \n** IBM MQ Operator V2.0.10 LTS release details: \n**\n\n**Image**\n\n| \n\n**Fix Version**\n\n| \n\n**Registry**\n\n| \n\n**Image Location** \n \n---|---|---|--- \n \nibm-mq-operator\n\n| \n\n2.0.10\n\n| \n\nicr.io\n\n| \n\nicr.io/cpopen/ibm-mq-operator@sha256:9abfadb09f0fc8bae697cbc22b6fcf11069e76b65e836c56448db1b8e3f6a5a6 \n \nibm-mqadvanced-server\n\n| \n\n9.3.0.5-r1\n\n| \n\ncp.icr.io\n\n| \n\ncp.icr.io/cp/ibm-mqadvanced-server@sha256:a316816daaec0c9deff8beecb18a5e1ab9885f9490c8dffb210fe11286ec199f \n \nibm-mqadvanced-server-integration\n\n| \n\n9.3.0.5-r1\n\n| \n\ncp.icr.io\n\n| \n\ncp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:14bc3b81f84ef2d564897da77edc857931c72e01b64701f5af09c99ef714ed0b \n \nibm-mqadvanced-server-dev\n\n| \n\n9.3.0.5-r1\n\n| \n\nicr.io\n\n| \n\nicr.io/ibm-messaging/mq@sha256:327de72c56b374aae387631858d561c71d75bb46c510037d25ecaf97dc45b252 \n \n \n \n \n\n\n## Workarounds and Mitigations\n\nImportant Note for users of Operations Dashboard on IBM MQ LTS Queue Manager Container [9.3.0.5-r1](<https://www.ibm.com/docs/en/ibm-mq/9.3?topic=openshift-release-history-mq-operator#ctr_release_notes__operator-2.0.10__title__1>) Image \n\nWhen Operations Dashboard is enabled, IBM MQ LTS Queue Manager Container Images [9.3.0.5-r1](<https://www.ibm.com/docs/en/ibm-mq/9.3?topic=openshift-release-history-mq-operator#ctr_release_notes__operator-2.0.10__title__1>) deploy Operations Dashboard \nAgent and Collector images that do not contain the latest security fixes available at the time of their GA.\n\nMitigation: Upgrade all IBM MQ LTS Queue Manager Container [9.3.0.5-r1 ](<https://www.ibm.com/docs/en/ibm-mq/9.3?topic=openshift-release-history-mq-operator#ctr_release_notes__operator-2.0.10__title__1>)images with Operations Dashboard enabled to at least [9.3.0.5-r3](<https://www.ibm.com/docs/en/ibm-mq/9.3?topic=openshift-release-history-mq-operator#ctr_release_notes__operator-2.0.12__title__1>). \nTo complete this upgrade, follow the instructions in Upgrading an [IBM MQ queue manager using Red Hat OpenShift.](<https://www.ibm.com/docs/en/ibm-mq/9.3?topic=umoqm-upgrading-mq-queue-manager-using-red-hat-openshift>)\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-06-19T12:14:34", "type": "ibm", "title": "Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, openssl, gnutls, libarchive and libsepol", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14166", "CVE-2022-40897", "CVE-2022-4304", "CVE-2022-4450", "CVE-2023-0215", "CVE-2023-0286", "CVE-2023-0361", "CVE-2023-23914", "CVE-2023-23915", "CVE-2023-23916"], "modified": "2023-06-19T12:14:34", "id": "DC148DFF8F4F5A603E125159387DDB74B130ECA96CD5DB991E8DFDB9CB8F33B2", "href": "https://www.ibm.com/support/pages/node/6986323", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "gentoo": [{"lastseen": "2023-12-06T15:50:46", "description": "### Background\n\nlibarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. \n\n### Description\n\nMultiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libarchive users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/libarchive-3.3.3\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-15T00:00:00", "type": "gentoo", "title": "libarchive: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14502", "CVE-2017-14503"], "modified": "2019-08-15T00:00:00", "id": "GLSA-201908-11", "href": "https://security.gentoo.org/glsa/201908-11", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:50", "description": "Libarchive is a programming library that can create and read several differ ent streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-11-21T03:13:00", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: libarchive-3.3.3-1.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10349", "CVE-2016-10350", "CVE-2017-14166", "CVE-2017-14502", "CVE-2017-14503"], "modified": "2018-11-21T03:13:00", "id": "FEDORA:68780608A492", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QAHTQQHWOKYDFRYOU5GWTJVHWQNV32FQ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "Libarchive is a programming library that can create and read several differ ent streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-31T16:42:22", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: libarchive-3.3.3-1.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10349", "CVE-2016-10350", "CVE-2017-14166", "CVE-2017-14502", "CVE-2017-14503"], "modified": "2018-10-31T16:42:22", "id": "FEDORA:AA71A6383D9A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GW5LXYQOJHWBJIZWPM5VHHPPC4B53P3M/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2023-12-06T22:06:57", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * libarchive \\- Library to read/write archive files\n\nIt was discovered that libarchive incorrectly handled certain archive files. \nA remote attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. \n(CVE-2016-10209, CVE-2016-10349, CVE-2016-10350)\n\nAgostino Sarubbo discovered that libarchive incorrectly handled certain XAR files. \nA remote attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. \n(CVE-2017-14166)\n\nIt was discovered that libarchive incorrectly handled certain files. \nA remote attacker could possibly use this issue to get access to sensitive \ninformation. (CVE-2017-14501, CVE-2017-14503)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-13T00:00:00", "type": "ubuntu", "title": "libarchive vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14503"], "modified": "2018-08-13T00:00:00", "id": "USN-3736-1", "href": "https://ubuntu.com/security/notices/USN-3736-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cloudfoundry": [{"lastseen": "2023-12-06T21:54:37", "description": "# \n\n# Severity\n\nLow\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nIt was discovered that libarchive incorrectly handled certain archive files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10209, CVE-2016-10349, CVE-2016-10350)\n\nAgostino Sarubbo discovered that libarchive incorrectly handled certain XAR files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14166)\n\nIt was discovered that libarchive incorrectly handled certain files. A remote attacker could possibly use this issue to get access to sensitive information. (CVE-2017-14501, CVE-2017-14503)\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is low unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3363.x versions prior to 3363.72\n * 3421.x versions prior to 3421.79\n * 3445.x versions prior to 3445.64\n * 3468.x versions prior to 3468.64\n * 3541.x versions prior to 3541.44\n * 3586.x versions prior to 3586.36\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 97.x versions prior to 97.12\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.229.0\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.9.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3363.x versions to 3363.72\n * Upgrade 3421.x versions to 3421.79\n * Upgrade 3445.x versions to 3445.64\n * Upgrade 3468.x versions to 3468.64\n * Upgrade 3541.x versions to 3541.44\n * Upgrade 3586.x versions to 3586.36\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 97.x versions to 97.12\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.229.0 or later.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.9.0 or later.\n\n# References\n\n * [USN-3736-1](<https://usn.ubuntu.com/3736-1>)\n * [CVE-2016-10209](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10209>)\n * [CVE-2016-10349](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10349>)\n * [CVE-2016-10350](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10350>)\n * [CVE-2017-14166](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14166>)\n * [CVE-2017-14501](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14501>)\n * [CVE-2017-14503](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14503>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-09-11T00:00:00", "type": "cloudfoundry", "title": "USN-3736-1: libarchive vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10209", "CVE-2016-10349", "CVE-2016-10350", "CVE-2017-14166", "CVE-2017-14501", "CVE-2017-14503"], "modified": "2018-09-11T00:00:00", "id": "CFOUNDRY:0141F33027F891BC23BDC6EEA00184DA", "href": "https://www.cloudfoundry.org/blog/usn-3736-1/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2018-11-10T02:37:48", "description": "This update for libarchive fixes the following issues:\n\n - CVE-2016-10209: The archive_wstring_append_from_mbs function in\n archive_string.c allowed remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a crafted archive\n file. (bsc#1032089)\n - CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed\n remote attackers to cause a denial of service (heap-based buffer\n over-read and application crash) via a crafted file. (bsc#1037008)\n - CVE-2016-10350: The archive_read_format_cab_read_header function in\n archive_read_support_format_cab.c allowed remote attackers to cause a\n denial of service (heap-based buffer over-read and application crash)\n via a crafted file. (bsc#1037009)\n - CVE-2017-14166: libarchive allowed remote attackers to cause a denial of\n service (xml_data heap-based buffer over-read and application crash) via\n a crafted xar archive, related to the mishandling of empty strings in\n the atol8 function in archive_read_support_format_xar.c. (bsc#1057514)\n - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in\n archive_read_support_format_iso9660.c when extracting a specially\n crafted iso9660 iso file, related to\n archive_read_format_iso9660_read_header. (bsc#1059139)\n - CVE-2017-14502: read_header in archive_read_support_format_rar.c\n suffered from an off-by-one error for UTF-16 names in RAR archives,\n leading to an out-of-bounds read in archive_read_format_rar_read_header.\n (bsc#1059134)\n - CVE-2017-14503: libarchive suffered from an out-of-bounds read within\n lha_read_data_none() in archive_read_support_format_lha.c when\n extracting a specially crafted lha archive, related to lha_crc16.\n (bsc#1059100)\n\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2018-11-10T00:29:34", "type": "suse", "title": "Security update for libarchive (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-10349", "CVE-2016-10209", "CVE-2017-14502", "CVE-2017-14166", "CVE-2017-14503", "CVE-2017-14501", "CVE-2016-10350"], "modified": "2018-11-10T00:29:34", "id": "OPENSUSE-SU-2018:3717-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00017.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
CVE-2017-14166
