This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cabextract Project First view 2005-01-27
Product Cabextract Last view 2019-11-29
Version 0.2 Type Application
Update *  
Edition *  
Language *  
Software Edition *
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:cabextract_project:cabextract

Activity : Overall

Related : CVE

  Date Alert Description
5.3 2019-11-29 CVE-2015-2060

cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.

6.5 2018-10-22 CVE-2018-18584

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

8.8 2018-07-28 CVE-2018-14682

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

8.8 2018-07-28 CVE-2018-14681

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

6.5 2018-07-28 CVE-2018-14680

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

6.5 2018-07-28 CVE-2018-14679

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

5.1 2010-08-09 CVE-2010-2801

Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.

4.3 2010-08-09 CVE-2010-2800

The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.

5 2005-01-27 CVE-2004-0916

Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.

CWE : Common Weakness Enumeration

% id Name
25% (2) CWE-787 Out-of-bounds Write
25% (2) CWE-193 Off-by-one Error
12% (1) CWE-399 Resource Management Errors
12% (1) CWE-189 Numeric Errors
12% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
12% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
66957 cabextract Quantum Decompressor Crafted Quantum Archive Integer Signedness DoS
66955 cabextract MS-ZIP Decompressor Malformed MSZIP Archive Multiple Action Infini...
10953 cabextract Traversal Arbitrary File Overwrite

OpenVAS Exploits

id Description
2010-12-02 Name : Fedora Update for cabextract FEDORA-2010-14135
File : nvt/gb_fedora_2010_14135_cabextract_fc14.nasl
2010-12-02 Name : Fedora Update for libmspack FEDORA-2010-14135
File : nvt/gb_fedora_2010_14135_libmspack_fc14.nasl
2010-10-01 Name : Fedora Update for cabextract FEDORA-2010-14634
File : nvt/gb_fedora_2010_14634_cabextract_fc12.nasl
2010-10-01 Name : Fedora Update for libmspack FEDORA-2010-14634
File : nvt/gb_fedora_2010_14634_libmspack_fc12.nasl
2010-10-01 Name : Fedora Update for cabextract FEDORA-2010-14722
File : nvt/gb_fedora_2010_14722_cabextract_fc13.nasl
2010-10-01 Name : Fedora Update for libmspack FEDORA-2010-14722
File : nvt/gb_fedora_2010_14722_libmspack_fc13.nasl
2010-08-21 Name : Debian Security Advisory DSA 2087-1 (cabextract)
File : nvt/deb_2087_1.nasl
2010-08-21 Name : FreeBSD Ports: libmspack
File : nvt/freebsd_libmspack.nasl
2010-08-20 Name : Mandriva Update for cabextract MDVSA-2010:154 (cabextract)
File : nvt/gb_mandriva_MDVSA_2010_154.nasl
2008-09-04 Name : FreeBSD Ports: cabextract
File : nvt/freebsd_cabextract.nasl
2008-01-17 Name : Debian Security Advisory DSA 574-1 (cabextract)
File : nvt/deb_574_1.nasl

Snort® IPS/IDS

Date Description
2019-12-10 Libmspack cabd_sys_read_block off-by-one heap overflow attempt
RuleID : 52133 - Type : FILE-OTHER - Revision : 2
2019-12-10 Libmspack cabd_sys_read_block off-by-one heap overflow attempt
RuleID : 52132 - Type : FILE-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2019-1146.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-eff94da132.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ddda173f56.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-cb337fb199.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-a5953af115.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-847fe2ed61.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1436.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1435.nasl - Type: ACT_GATHER_INFO
2018-11-19 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-c73d257297.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3327.nasl - Type: ACT_GATHER_INFO
2018-10-29 Name: The remote Debian host is missing a security update.
File: debian_DLA-1555.nasl - Type: ACT_GATHER_INFO
2018-10-17 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1fc39f2d13.nasl - Type: ACT_GATHER_INFO
2018-10-04 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8b812395c73911e8ab5b9c5c8e75236a.nasl - Type: ACT_GATHER_INFO
2018-08-13 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e1adecd46c.nasl - Type: ACT_GATHER_INFO
2018-08-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1460.nasl - Type: ACT_GATHER_INFO
2018-08-03 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4260.nasl - Type: ACT_GATHER_INFO
2015-06-02 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_cfb12f0206e111e58fda002590263bf5.nasl - Type: ACT_GATHER_INFO
2015-03-30 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2015-064.nasl - Type: ACT_GATHER_INFO
2015-03-10 Name: The remote Fedora host is missing a security update.
File: fedora_2015-2746.nasl - Type: ACT_GATHER_INFO
2015-03-10 Name: The remote Fedora host is missing a security update.
File: fedora_2015-2730.nasl - Type: ACT_GATHER_INFO
2014-07-11 Name: The remote SuSE 11 host is missing a security update.
File: suse_11_cabextract-140627.nasl - Type: ACT_GATHER_INFO
2013-12-16 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201312-09.nasl - Type: ACT_GATHER_INFO
2010-10-06 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2010-14722.nasl - Type: ACT_GATHER_INFO
2010-10-06 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2010-14634.nasl - Type: ACT_GATHER_INFO
2010-10-06 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2010-14135.nasl - Type: ACT_GATHER_INFO