5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.008 Low
EPSS
Percentile
81.1%
Problem Description:
If the end of an archive is reached while attempting to
“skip” past a region of an archive, libarchive will enter an
infinite loop wherein it repeatedly attempts (and fails) to
read further data.
Impact:
An attacker able to cause a system to extract (via “tar -x”
or another application which uses libarchive) or list the
contents (via “tar -t” or another libarchive-using
application) of an archive provided by the attacker can cause
libarchive to enter an infinite loop and use all available
CPU time.
Workaround:
No workaround is available.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | libarchive | < 1.3.1 | UNKNOWN |