Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-8929
HistorySep 20, 2016 - 12:00 a.m.

CVE-2015-8929

2016-09-2000:00:00
ubuntu.com
ubuntu.com
17
cve-2015-8929
memory leak
archive_read_get_extract
libarchive 3.2.0
denial of service
tar file
remote attackers
fixed
mdeslaur

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.012

Percentile

85.3%

Memory leak in the __archive_read_get_extract function in
archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers
to cause a denial of service via a tar file.

Bugs

Notes

Author Note
mdeslaur introduced and fixed between 3.1.2 and 3.2.0

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.012

Percentile

85.3%