CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
52.1%
The updated packages fix several security vulnerabilities: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive’s file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418, issues #745 and #746) Very long pathnames evade symlink checks (issue#744) size_t underflow leading to out of bounds heap read in process_extra() / archive_read_support_format_zip.c (issue#770) stack-based buffer overflow in bsdtar_expand_char (util.c) (issue#767) libarchive can compress, but cannot decompress zip some files (issue#748) hang in tar parser (issue#731) Out of bounds read in mtree parser (issue#747) heap-based buffer overflow in read_Header (archive_read_support_format_7zip.c) (issue#761)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | libarchive | < 3.2.1-1.2 | libarchive-3.2.1-1.2.mga5 |
bugs.mageia.org/show_bug.cgi?id=19351
github.com/libarchive/libarchive/issues/731
github.com/libarchive/libarchive/issues/744
github.com/libarchive/libarchive/issues/745
github.com/libarchive/libarchive/issues/746
github.com/libarchive/libarchive/issues/748
github.com/libarchive/libarchive/issues/767
github.com/libarchive/libarchive/issues/770
rhn.redhat.com/errata/RHSA-2016-1844.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
52.1%