Lucene search

K

[email protected]NVD:CVE-2007-3644

HistoryJul 14, 2007 - 12:30 a.m.

CVE-2007-3644

2007-07-1400:30:00

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.104 Low

EPSS

Percentile

95.0%

archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive.

Affected configurations

NVD

Node

freebsdlibarchiveRange≤2.2.3

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924

osvdb.org/38093

osvdb.org/38094

people.freebsd.org/~kientzle/libarchive/

secunia.com/advisories/26050

secunia.com/advisories/26062

secunia.com/advisories/26355

secunia.com/advisories/28377

security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc

security.freebsd.org/patches/SA-07:05/libarchive.patch

security.gentoo.org/glsa/glsa-200708-03.xml

www.debian.org/security/2008/dsa-1455

www.kb.cert.org/vuls/id/970849

www.novell.com/linux/security/advisories/2007_15_sr.html

www.securityfocus.com/bid/24885

www.securitytracker.com/id?1018379

www.vupen.com/english/advisories/2007/2521

exchange.xforce.ibmcloud.com/vulnerabilities/35402

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.104 Low

EPSS

Percentile

95.0%

Related for NVD:CVE-2007-3644

cert1 cvelist2 cve2 debiancve2 ubuntucve2 prion2 nvd1 nessus3 openvas6 freebsd_advisory1 debian1 securityvulns2 gentoo1 osv1 kitploit1