CVE-2016-6250
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
8.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.2%
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.
| CPE | Name | Operator | Version |
|---|---|---|---|
| oracle:linux | oracle linux | eq | 7 |
| libarchive:libarchive | libarchive | le | 3.2.0 |
References
rhn.redhat.com/errata/RHSA-2016-1844.html
www.openwall.com/lists/oss-security/2016/07/20/1
www.openwall.com/lists/oss-security/2016/07/21/3
www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
www.securityfocus.com/bid/92036
www.securitytracker.com/id/1036431
bugzilla.redhat.com/show_bug.cgi?id=1347085
github.com/libarchive/libarchive/commit/3014e198
github.com/libarchive/libarchive/files/295073/libarchiveOverflow.txt
github.com/libarchive/libarchive/issues/711
security.gentoo.org/glsa/201701-03
Social References
More
Related
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
8.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.2%