Lucene search

K
cveMitreCVE-2016-7166
HistorySep 21, 2016 - 2:25 p.m.

CVE-2016-7166

2016-09-2114:25:29
CWE-399
mitre
web.nvd.nist.gov
80
libarchive
cve-2016-7166
denial of service
memory consumption
application crash
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.1

Confidence

High

EPSS

0.017

Percentile

87.9%

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

Affected configurations

Nvd
Node
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_hpc_nodeMatch7.0
OR
redhatenterprise_linux_hpc_node_eusMatch7.2
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch7.2
OR
redhatenterprise_linux_server_eusMatch7.2
OR
redhatenterprise_linux_workstationMatch7.0
Node
libarchivelibarchiveRange3.1.901a
Node
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_hpc_nodeMatch6.0
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_workstationMatch6.0
Node
oraclelinuxMatch6
OR
oraclelinuxMatch7
VendorProductVersionCPE
redhatenterprise_linux_desktop7.0cpe:/o:redhat:enterprise_linux_desktop:7.0:::
redhatenterprise_linux_server_eus7.2cpe:/o:redhat:enterprise_linux_server_eus:7.2:::
redhatenterprise_linux_hpc_node_eus7.2cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2:::
redhatenterprise_linux_server_aus7.2cpe:/o:redhat:enterprise_linux_server_aus:7.2:::
redhatenterprise_linux_server7.0cpe:/o:redhat:enterprise_linux_server:7.0:::
redhatenterprise_linux_workstation7.0cpe:/o:redhat:enterprise_linux_workstation:7.0:::
redhatenterprise_linux_hpc_node7.0cpe:/o:redhat:enterprise_linux_hpc_node:7.0:::

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.1

Confidence

High

EPSS

0.017

Percentile

87.9%