Executive Summary
Summary | |
---|---|
Title | libarchive does not properly terminate loop |
Information | |||
---|---|---|---|
Name | VU#970849 | First vendor Publication | 2008-03-20 |
Vendor | VU-CERT | Last vendor Modification | 2008-03-20 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#970849
libarchive does not properly terminate loop
Overview
libarchive contains a vulnerability that may allow an attacker to cause a denial of service.
I. Description
The libarchive library provides an interface for reading and writing archive files.
There is a vulnerability in libarchive that occurs when it parses the pax interchange format. If an archive prematurely ends within a pax extension, libarchive may enter an infinite loop. Multiple operating system vendors have released an update to address this issue. Administrators should see the systems affected portion of this document for more information.
References
Thanks to CERT-FI and CPNI for information that was used in this report. This document was written by Ryan Giobbi.
Original Source
Url : http://www.kb.cert.org/vuls/id/970849 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200708-03 (libarchive) File : nvt/glsa_200708_03.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-07:05.libarchive.asc) File : nvt/freebsdsa_libarchive.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1455-1 (libarchive1) File : nvt/deb_1455_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
38094 | libarchive archive_read_support_format_tar.c TAR Archive Malformed PAX Extens... |
38093 | libarchive archive_read_support_format_tar.c PAX Archive Malformed PAX Extens... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-01-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1455.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_libarchive-3982.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200708-03.nasl - Type : ACT_GATHER_INFO |