Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-3033-1
HistoryJul 14, 2016 - 12:00 a.m.

libarchive vulnerabilities

2016-07-1400:00:00
ubuntu.com
28

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.075 Low

EPSS

Percentile

94.1%

JSON

Releases

  • Ubuntu 16.04 ESM
  • Ubuntu 15.10
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04

Packages

  • libarchive - Library to read/write archive files

Details

Hanno Böck discovered that libarchive contained multiple security issues
when processing certain malformed archive files. A remote attacker could
use this issue to cause libarchive to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2015-8916, CVE-2015-8917
CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923,
CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930,
CVE-2015-8931, CVE-2015-8932, CVE-2015-8933, CVE-2015-8934, CVE-2016-5844)

Marcin “Icewall” Noga discovered that libarchive contained multiple
security issues when processing certain malformed archive files. A remote
attacker could use this issue to cause libarchive to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2016-4300,
CVE-2016-4302)

It was discovered that libarchive incorrectly handled memory allocation
with large cpio symlinks. A remote attacker could use this issue to
possibly cause libarchive to crash, resulting in a denial of service.
(CVE-2016-4809)

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchlibarchive13< 3.1.2-11ubuntu0.16.04.2UNKNOWN
Ubuntu16.04noarchbsdcpio< 3.1.2-11ubuntu0.16.04.2UNKNOWN
Ubuntu16.04noarchbsdcpio-dbgsym< 3.1.2-11ubuntu0.16.04.2UNKNOWN
Ubuntu16.04noarchbsdtar< 3.1.2-11ubuntu0.16.04.2UNKNOWN
Ubuntu16.04noarchbsdtar-dbgsym< 3.1.2-11ubuntu0.16.04.2UNKNOWN
Ubuntu16.04noarchlibarchive-dev< 3.1.2-11ubuntu0.16.04.2UNKNOWN
Ubuntu16.04noarchlibarchive13-dbgsym< 3.1.2-11ubuntu0.16.04.2UNKNOWN
Ubuntu15.10noarchlibarchive13< 3.1.2-11ubuntu0.15.10.2UNKNOWN
Ubuntu15.10noarchbsdcpio< 3.1.2-11ubuntu0.15.10.2UNKNOWN
Ubuntu15.10noarchbsdcpio-dbgsym< 3.1.2-11ubuntu0.15.10.2UNKNOWN
Rows per page:
1-10 of 281

Related

nessus 25
cloudfoundry 1
debian 2
openvas 18
oraclelinux 2
suse 3
amazon 1
centos 2
redhat 2
ibm 2
gentoo 1
mageia 1
freebsd 1
ubuntucve 20
f5 3
threatpost 1
debiancve 20
prion 20
redhatcve 20
veracode 20
cve 20
osv 4
alpinelinux 5
talos 2
seebug 2
intel 1
nessus
nessus
Debian DSA-3657-1 : libarchive - security update
2016-08-31 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : libarchive vulnerabilities (USN-3033-1)
2016-07-15 00:00:00
Debian DLA-554-1 : libarchive security update
2016-07-22 00:00:00
cloudfoundry
cloudfoundry
USN-3033-1 libarchive vulnerability | Cloud Foundry
2016-08-25 00:00:00
debian
debian
[SECURITY] [DSA 3657-1] libarchive security update
2016-08-30 21:15:15
[SECURITY] [DLA 554-1] libarchive security update
2016-07-21 06:10:45
openvas
openvas
Ubuntu: Security Advisory (USN-3033-1)
2016-07-15 00:00:00
Debian: Security Advisory (DSA-3657-1)
2016-09-07 00:00:00
Debian Security Advisory DSA 3657-1 (libarchive - security update)
2016-09-07 00:00:00
oraclelinux
oraclelinux
libarchive security update
2016-09-12 00:00:00
libarchive security update
2016-09-12 00:00:00
suse
suse
Security update for libarchive (important)
2016-08-11 17:13:38
Security update for libarchive (important)
2016-07-29 14:09:01
Security update for bsdtar (important)
2016-08-02 17:08:50
amazon
amazon
Important: libarchive
2016-09-27 10:30:00
centos
centos
bsdcpio, bsdtar, libarchive security update
2016-09-16 00:18:58
libarchive security update
2016-09-15 22:26:12
redhat
redhat
(RHSA-2016:1844) Important: libarchive security update
2016-09-12 15:10:21
(RHSA-2016:1850) Important: libarchive security update
2016-09-12 15:10:17
ibm
ibm
Security Bulletin: Vulnerabilities in libarchive affect PowerKVM
2018-06-18 01:33:29
Security Bulletin: Multiple libarchive vulnerabilities affect Watson Explorer
2018-06-17 13:07:18
gentoo
gentoo
libarchive: Multiple vulnerabilities
2017-01-01 00:00:00
mageia
mageia
Updated libarchive packages fix security vulnerability
2016-07-05 18:47:08
freebsd
freebsd
libarchive -- multiple vulnerabilities
2016-06-23 00:00:00
ubuntucve
ubuntucve
CVE-2015-8917
2015-12-31 00:00:00
CVE-2015-8916
2015-12-31 00:00:00
CVE-2015-8931
2015-12-31 00:00:00
f5
f5
K91432940 : libarchive vulnerabilities CVE-2015-8920 and CVE-2016-4809
2016-12-07 00:00:00
K90412202 : libarchive vulnerability CVE-2015-8932
2016-12-08 00:00:00
K24036027 : libarchive vulnerability CVE-2016-5844
2016-12-07 00:00:00
threatpost
threatpost
Patched libarchive Vulnerabilities Have Big Reach
2016-06-22 16:27:33
debiancve
debiancve
CVE-2015-8928
2016-09-20 14:15:00
CVE-2015-8931
2016-09-20 14:15:00
CVE-2015-8916
2016-09-20 14:15:00
prion
prion
Null pointer dereference
2016-09-20 14:15:00
Integer overflow
2016-09-20 14:15:00
Code injection
2016-09-20 14:15:00
redhatcve
redhatcve
CVE-2015-8916
2016-06-22 06:19:25
CVE-2015-8920
2016-06-22 06:18:34
CVE-2015-8930
2016-06-23 00:48:33
veracode
veracode
Undefined Behavior Through Integer Overflow
2018-04-10 07:43:45
Denial Of Service (DoS)
2018-07-31 13:22:06
Denial Of Service (DoS) Through Stack Buffer Underflow
2019-01-15 09:13:06
cve
cve
CVE-2015-8930
2016-09-20 14:15:00
CVE-2015-8926
2016-09-20 14:15:00
CVE-2015-8919
2016-09-20 14:15:00
osv
osv
CVE-2015-8934
2016-09-20 14:15:00
CVE-2016-4809
2016-09-21 14:25:00
CVE-2016-4302
2016-09-21 14:25:00
alpinelinux
alpinelinux
CVE-2016-4809
2016-09-21 14:25:00
CVE-2016-4300
2016-09-21 14:25:00
CVE-2015-8934
2016-09-20 14:15:00
talos
talos
Libarchive Rar RestartModel Code Execution Vulnerability
2016-06-19 00:00:00
Libarchive 7zip read_SubStreamsInfo Code Execution Vulnerability
2016-06-19 00:00:00
seebug
seebug
Libarchive Rar RestartModel Code Execution Vulnerability(CVE-2016-4302)
2017-10-20 00:00:00
Libarchive 7zip read_SubStreamsInfo Code Execution Vulnerability(CVE-2016-4300)
2017-10-20 00:00:00
intel
intel
Multiple Intel Software Products impacted by CVE-2016-4300
2016-09-13 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.075 Low

EPSS

Percentile

94.1%

JSON
Related for USN-3033-1
nessus25cloudfoundry1debian2openvas18oraclelinux2suse3amazon1centos2redhat2ibm2gentoo1mageia1freebsd1ubuntucve20f53threatpost1debiancve20prion20redhatcve20veracode20cve20osv4alpinelinux5talos2seebug2intel1