Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2549-1
HistoryMar 25, 2015 - 12:00 a.m.

libarchive vulnerabilities

2015-03-2500:00:00
ubuntu.com
35

8.4 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.011 Low

EPSS

Percentile

84.6%

JSON

Releases

  • Ubuntu 14.10
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04

Packages

  • libarchive - Library to read/write archive files

Details

It was discovered that the libarchive bsdcpio utility extracted absolute
paths by default without using the --insecure flag, contrary to
expectations. If a user or automated system were tricked into extracting
cpio archives containing absolute paths, a remote attacker may be able to
write to arbitrary files. (CVE-2015-2304)

Fabian Yamaguchi discovered that libarchive incorrectly handled certain
type conversions. A remote attacker could possibly use this issue to cause
libarchive to crash, resulting in a denial of service. This issue only
affected Ubuntu 12.04 LTS. (CVE-2013-0211)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.10noarchbsdcpio< 3.1.2-9ubuntu0.1UNKNOWN
Ubuntu14.10noarchbsdtar< 3.1.2-9ubuntu0.1UNKNOWN
Ubuntu14.10noarchlibarchive-dev< 3.1.2-9ubuntu0.1UNKNOWN
Ubuntu14.10noarchlibarchive13< 3.1.2-9ubuntu0.1UNKNOWN
Ubuntu14.04noarchbsdcpio< 3.1.2-7ubuntu2.1UNKNOWN
Ubuntu14.04noarchbsdtar< 3.1.2-7ubuntu2.1UNKNOWN
Ubuntu14.04noarchlibarchive-dev< 3.1.2-7ubuntu2.1UNKNOWN
Ubuntu14.04noarchlibarchive13< 3.1.2-7ubuntu2.1UNKNOWN
Ubuntu12.04noarchbsdcpio< 3.0.3-6ubuntu1.1UNKNOWN
Ubuntu12.04noarchbsdtar< 3.0.3-6ubuntu1.1UNKNOWN
Rows per page:
1-10 of 121

Related

openvas 24
nessus 24
freebsd 1
osv 2
prion 2
ubuntucve 2
freebsd_advisory 2
debiancve 2
cve 2
altlinux 1
fedora 4
securityvulns 3
gentoo 2
suse 1
rosalinux 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:0667-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-2549-1)
2015-03-26 00:00:00
Splunk 5.x - 6.4.x Multiple Vulnerabilities
2016-09-19 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : libarchive vulnerabilities (USN-2549-1)
2015-03-26 00:00:00
FreeBSD : libarchive -- multiple vulnerabilities (7c63775e-be31-11e5-b5fe-002590263bf5)
2016-01-19 00:00:00
SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2015:0667-1)
2015-05-20 00:00:00
freebsd
freebsd
libarchive -- multiple vulnerabilities
2012-12-06 00:00:00
osv
osv
libarchive - security update
2015-03-05 00:00:00
libarchive - security update
2015-03-07 00:00:00
prion
prion
Path traversal
2015-03-15 19:59:00
Integer overflow
2013-09-30 22:55:00
ubuntucve
ubuntucve
CVE-2015-2304
2015-03-15 00:00:00
CVE-2013-0211
2013-03-25 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:22.libarchive
2016-05-31 00:00:00
FreeBSD-SA-16:23.libarchive
2016-05-31 00:00:00
debiancve
debiancve
CVE-2015-2304
2015-03-15 19:59:00
CVE-2013-0211
2013-09-30 22:55:00
cve
cve
CVE-2015-2304
2015-03-15 19:59:00
CVE-2013-0211
2013-09-30 22:55:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libarchive version 3.1.2-alt2
2015-08-05 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: libarchive-3.0.4-3.fc17
2013-04-12 22:27:24
[SECURITY] Fedora 18 Update: mingw-libarchive-3.0.4-4.fc18
2013-04-08 00:22:17
[SECURITY] Fedora 17 Update: mingw-libarchive-3.0.4-4.fc17
2013-04-08 00:26:15
securityvulns
securityvulns
libarchive integer overflow
2013-05-06 00:00:00
[ MDVSA-2013:147 ] libarchive
2013-05-06 00:00:00
libarchive directory traversal
2015-04-20 00:00:00
gentoo
gentoo
libarchive: Multiple vulnerabilities
2014-06-01 00:00:00
libarchive: Multiple vulnerabilities
2017-01-01 00:00:00
suse
suse
Security update for bsdtar (important)
2016-08-02 17:08:50
rosalinux
rosalinux
Advisory ROSA-SA-2021-1862
2021-07-02 17:10:44

8.4 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.011 Low

EPSS

Percentile

84.6%

JSON
Related for USN-2549-1
openvas24nessus24freebsd1osv2prion2ubuntucve2freebsd_advisory2debiancve2cve2altlinux1fedora4securityvulns3gentoo2suse1rosalinux1