Lucene search

K
cveMitreCVE-2016-8688
HistoryFeb 15, 2017 - 7:59 p.m.

CVE-2016-8688

2017-02-1519:59:00
CWE-125
mitre
web.nvd.nist.gov
60
cve-2016-8688
mtree bidder
libarchive 3.2.1
denial of service
remote attackers

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.9

Confidence

High

EPSS

0.009

Percentile

82.9%

The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.

Affected configurations

Nvd
Node
libarchivelibarchiveMatch3.2.1
Node
opensuseleapMatch42.2
VendorProductVersionCPE
libarchivelibarchive3.2.1cpe:/a:libarchive:libarchive:3.2.1:::

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.9

Confidence

High

EPSS

0.009

Percentile

82.9%