CVSS3: 8.6 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score: 9 High
Confidence: High

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.059 Low
Percentile: 93.4%

Software: libarchive 3.1.2
OS: Cobalt 7.9
CVE-ID: CVE-2015-2304
CVE-Crit: HIGH
CVE-DESC: Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via the full path in the archive.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2015-8915
CVE-Crit: MEDIUM
CVE-DESC: bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and failure) via a crafted cpio file.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2015-8918
CVE-Crit: HIGH
CVE-DESC: The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (failure) via crafted cab files related to “memcpy overlap”.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2015-8927
CVE-Crit: MEDIUM
CVE-DESC: The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (read heap out-of-bounds and crash) via a crafted zip file associated with a password read.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2015-8929
CVE-Crit: MEDIUM
CVE-DESC: A memory leak in __archive_read_get_extract in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2015-8933
CVE-Crit: MEDIUM
CVE-DESC: Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (failure) via a crafted tar file.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2016-4301
CVE-Crit: HIGH
CVE-DESC: Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code through a crafted mtree file.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2016-6250
CVE-Crit: HIGH
CVE-DESC: Integer overflow in the ISO9660 write module in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code using vectors related to file length checks on ISO9660 archive writes that trigger a buffer overflow.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2016-7166
CVE-Crit: MEDIUM
CVE-DESC: libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2019-11463
CVE-Crit: MEDIUM
CVE-DESC: A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file due to the HAVE_LZMA_H typo. NOTE: this only affects users who have downloaded development code from GitHub. Users of official product releases will not be affected.
CVE-STATUS: default
CVE-REV: default
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Cobalt | any | noarch | libarchive | < 3.1.2 | UNKNOWN |