Vulnerabilities related to freebsd - libarchive
CVE-2011-1779 (GCVE-0-2011-1779)
Vulnerability from cvelistv5
Published
2012-04-13 20:00
Modified
2024-08-06 22:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.815Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.google.com/p/libarchive/source/detail?r=3038" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-04-13T20:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.google.com/p/libarchive/source/detail?r=3038" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1779", "datePublished": "2012-04-13T20:00:00Z", "dateReserved": "2011-04-19T00:00:00Z", "dateUpdated": "2024-08-06T22:37:25.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1777 (GCVE-0-2011-1777)
Vulnerability from cvelistv5
Published
2012-04-13 20:00
Modified
2024-08-06 22:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.781Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48034", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48034" }, { "name": "RHSA-2011:1507", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.google.com/p/libarchive/source/detail?r=3158" }, { "name": "DSA-2413", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2413" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5281" }, { "name": "APPLE-SA-2012-05-09-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48034", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48034" }, { "name": "RHSA-2011:1507", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.google.com/p/libarchive/source/detail?r=3158" }, { "name": "DSA-2413", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2413" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5281" }, { "name": "APPLE-SA-2012-05-09-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1777", "datePublished": "2012-04-13T20:00:00", "dateReserved": "2011-04-19T00:00:00", "dateUpdated": "2024-08-06T22:37:25.781Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1778 (GCVE-0-2011-1778)
Vulnerability from cvelistv5
Published
2012-04-13 20:00
Modified
2024-08-06 22:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.831Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48034", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48034" }, { "name": "RHSA-2011:1507", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.google.com/p/libarchive/source/detail?r=3160" }, { "name": "DSA-2413", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2413" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5281" }, { "name": "APPLE-SA-2012-05-09-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48034", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48034" }, { "name": "RHSA-2011:1507", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.google.com/p/libarchive/source/detail?r=3160" }, { "name": "DSA-2413", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2413" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5281" }, { "name": "APPLE-SA-2012-05-09-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1778", "datePublished": "2012-04-13T20:00:00", "dateReserved": "2011-04-19T00:00:00", "dateUpdated": "2024-08-06T22:37:25.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-4666 (GCVE-0-2010-4666)
Vulnerability from cvelistv5
Published
2012-04-13 20:00
Modified
2024-08-07 03:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:51:18.033Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.google.com/p/libarchive/source/detail?r=2842" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-04-13T20:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.google.com/p/libarchive/source/detail?r=2842" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4666", "datePublished": "2012-04-13T20:00:00Z", "dateReserved": "2011-01-03T00:00:00Z", "dateUpdated": "2024-08-07T03:51:18.033Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3645 (GCVE-0-2007-3645)
Vulnerability from cvelistv5
Published
2007-07-15 21:00
Modified
2024-08-07 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:21:36.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "freebsd-libarchive-null-pax-dos(35404)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35404" }, { "name": "ADV-2007-2521", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "name": "DSA-1455", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1455" }, { "name": "FreeBSD-SA-07:05.libarchive", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "name": "26050", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26050" }, { "name": "24885", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24885" }, { "name": "GLSA-200708-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "name": "38094", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/38094" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "name": "26062", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26062" }, { "name": "38093", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], 
"url": "http://osvdb.org/38093" }, { "name": "26355", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26355" }, { "name": "1018379", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018379" }, { "name": "28377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28377" }, { "name": "SUSE-SR:2007:015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-12T00:00:00", "descriptions": [ { "lang": "en", "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd" }, "references": [ { "name": "freebsd-libarchive-null-pax-dos(35404)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35404" }, { "name": "ADV-2007-2521", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "name": "DSA-1455", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1455" }, { "name": "FreeBSD-SA-07:05.libarchive", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "tags": [ "x_refsource_MISC" ], "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "name": "26050", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26050" }, { "name": "24885", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24885" }, { "name": "GLSA-200708-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "name": "38094", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/38094" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "name": "26062", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26062" }, { "name": "38093", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/38093" }, { "name": "26355", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/26355" }, { "name": "1018379", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018379" }, { "name": "28377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28377" }, { "name": "SUSE-SR:2007:015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2007-3645", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "freebsd-libarchive-null-pax-dos(35404)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35404" }, { "name": "ADV-2007-2521", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "name": "DSA-1455", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1455" }, { "name": "FreeBSD-SA-07:05.libarchive", "refsource": "FREEBSD", "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "name": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch", "refsource": "MISC", "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "name": "26050", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26050" }, { "name": "24885", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24885" }, { "name": "GLSA-200708-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "name": "38094", "refsource": "OSVDB", "url": "http://osvdb.org/38094" }, { "name": "http://people.freebsd.org/~kientzle/libarchive/", "refsource": "CONFIRM", "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "name": "26062", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26062" }, { "name": "38093", "refsource": "OSVDB", "url": "http://osvdb.org/38093" }, { "name": "26355", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26355" }, { "name": "1018379", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018379" }, { "name": "28377", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28377" }, { "name": "SUSE-SR:2007:015", "refsource": "SUSE", 
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2007-3645", "datePublished": "2007-07-15T21:00:00", "dateReserved": "2007-07-09T00:00:00", "dateUpdated": "2024-08-07T14:21:36.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3644 (GCVE-0-2007-3644)
Vulnerability from cvelistv5
Published
2007-07-14 00:00
Modified
2024-08-07 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:21:36.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FreeBSD-SA-07:05", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "name": "VU#970849", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/970849" }, { "name": "ADV-2007-2521", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "name": "DSA-1455", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1455" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "name": "26050", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26050" }, { "name": "24885", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24885" }, { "name": "freebsd-libarchive-pax-dos(35402)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35402" }, { "name": "GLSA-200708-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "name": "38094", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/38094" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "name": "26062", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" 
], "url": "http://secunia.com/advisories/26062" }, { "name": "38093", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/38093" }, { "name": "26355", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26355" }, { "name": "1018379", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018379" }, { "name": "28377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28377" }, { "name": "SUSE-SR:2007:015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-12T00:00:00", "descriptions": [ { "lang": "en", "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd" }, "references": [ { "name": "FreeBSD-SA-07:05", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "name": "VU#970849", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/970849" }, { "name": "ADV-2007-2521", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "name": "DSA-1455", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1455" }, { "tags": [ "x_refsource_MISC" ], "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "name": "26050", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26050" }, { "name": "24885", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24885" }, { "name": "freebsd-libarchive-pax-dos(35402)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35402" }, { "name": "GLSA-200708-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "name": "38094", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/38094" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "name": "26062", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26062" }, { "name": "38093", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/38093" 
}, { "name": "26355", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26355" }, { "name": "1018379", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018379" }, { "name": "28377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28377" }, { "name": "SUSE-SR:2007:015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2007-3644", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FreeBSD-SA-07:05", "refsource": "FREEBSD", "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "name": "VU#970849", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/970849" }, { "name": "ADV-2007-2521", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "name": "DSA-1455", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1455" }, { "name": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch", "refsource": "MISC", "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "name": "26050", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26050" }, { "name": "24885", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24885" }, { "name": "freebsd-libarchive-pax-dos(35402)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35402" }, { "name": "GLSA-200708-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "name": "38094", "refsource": "OSVDB", "url": "http://osvdb.org/38094" }, { "name": "http://people.freebsd.org/~kientzle/libarchive/", "refsource": "CONFIRM", "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "name": "26062", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26062" }, { "name": "38093", "refsource": "OSVDB", "url": "http://osvdb.org/38093" }, { "name": "26355", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26355" }, { "name": "1018379", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018379" }, { "name": "28377", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/28377" }, { "name": "SUSE-SR:2007:015", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2007-3644", "datePublished": "2007-07-14T00:00:00", "dateReserved": "2007-07-09T00:00:00", "dateUpdated": "2024-08-07T14:21:36.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3641 (GCVE-0-2007-3641)
Vulnerability from cvelistv5
Published
2007-07-14 00:00
Modified
2024-08-07 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:21:36.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "freebsd-libarchive-pax-bo(35405)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35405" }, { "name": "ADV-2007-2521", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "name": "DSA-1455", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1455" }, { "name": "FreeBSD-SA-07:05.libarchive", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "name": "26050", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26050" }, { "name": "24885", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24885" }, { "name": "GLSA-200708-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "name": "38092", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/38092" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "name": "26062", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26062" }, { "name": "26355", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", 
"x_transferred" ], "url": "http://secunia.com/advisories/26355" }, { "name": "1018379", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018379" }, { "name": "28377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28377" }, { "name": "SUSE-SR:2007:015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-12T00:00:00", "descriptions": [ { "lang": "en", "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd" }, "references": [ { "name": "freebsd-libarchive-pax-bo(35405)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35405" }, { "name": "ADV-2007-2521", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "name": "DSA-1455", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1455" }, { "name": "FreeBSD-SA-07:05.libarchive", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "tags": [ "x_refsource_MISC" ], "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "name": "26050", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26050" }, { "name": "24885", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24885" }, { "name": "GLSA-200708-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "name": "38092", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/38092" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "name": "26062", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26062" }, { "name": "26355", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26355" }, { "name": "1018379", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": 
"http://www.securitytracker.com/id?1018379" }, { "name": "28377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28377" }, { "name": "SUSE-SR:2007:015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2007-3641", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "freebsd-libarchive-pax-bo(35405)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35405" }, { "name": "ADV-2007-2521", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "name": "DSA-1455", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1455" }, { "name": "FreeBSD-SA-07:05.libarchive", "refsource": "FREEBSD", "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "name": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch", "refsource": "MISC", "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "name": "26050", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26050" }, { "name": "24885", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24885" }, { "name": "GLSA-200708-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "name": "38092", "refsource": "OSVDB", "url": "http://osvdb.org/38092" }, { "name": "http://people.freebsd.org/~kientzle/libarchive/", "refsource": "CONFIRM", "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "name": "26062", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26062" }, { "name": "26355", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26355" }, { "name": "1018379", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018379" }, { "name": "28377", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28377" }, { "name": "SUSE-SR:2007:015", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" } ] } } } }, 
"cveMetadata": { "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2007-3641", "datePublished": "2007-07-14T00:00:00", "dateReserved": "2007-07-09T00:00:00", "dateUpdated": "2024-08-07T14:21:36.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2007-3644)
Published
2007-07-14 00:30
Modified
2025-04-09 00:30
Severity: MEDIUM, CVSS v2 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Summary
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive.
References
▶ | URL | Tags | |
---|---|---|---|
secteam@freebsd.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924 | ||
secteam@freebsd.org | http://osvdb.org/38093 | ||
secteam@freebsd.org | http://osvdb.org/38094 | ||
secteam@freebsd.org | http://people.freebsd.org/~kientzle/libarchive/ | ||
secteam@freebsd.org | http://secunia.com/advisories/26050 | Patch, Vendor Advisory | |
secteam@freebsd.org | http://secunia.com/advisories/26062 | Patch, Vendor Advisory | |
secteam@freebsd.org | http://secunia.com/advisories/26355 | ||
secteam@freebsd.org | http://secunia.com/advisories/28377 | ||
secteam@freebsd.org | http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc | Vendor Advisory | |
secteam@freebsd.org | http://security.freebsd.org/patches/SA-07:05/libarchive.patch | Patch | |
secteam@freebsd.org | http://security.gentoo.org/glsa/glsa-200708-03.xml | ||
secteam@freebsd.org | http://www.debian.org/security/2008/dsa-1455 | ||
secteam@freebsd.org | http://www.kb.cert.org/vuls/id/970849 | US Government Resource | |
secteam@freebsd.org | http://www.novell.com/linux/security/advisories/2007_15_sr.html | ||
secteam@freebsd.org | http://www.securityfocus.com/bid/24885 | Patch | |
secteam@freebsd.org | http://www.securitytracker.com/id?1018379 | ||
secteam@freebsd.org | http://www.vupen.com/english/advisories/2007/2521 | ||
secteam@freebsd.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/35402 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/38093 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/38094 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://people.freebsd.org/~kientzle/libarchive/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26050 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26062 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26355 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28377 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.freebsd.org/patches/SA-07:05/libarchive.patch | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200708-03.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1455 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/970849 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_15_sr.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24885 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018379 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2521 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/35402 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freebsd | libarchive | * (versions up to and including 2.2.3) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*", "matchCriteriaId": "637AE244-745E-4506-90FA-6092C83CC9BD", "versionEndIncluding": "2.2.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive." }, { "lang": "es", "value": "archive_read_support_format_tar.c de libarchive versiones anteriores a 2.2.4 permite a atacantes remotos con la complicidad del usuario provocar una denegaci\u00f3n de servicio (bucle infinito) mediante (1) una condici\u00f3n de final de fichero con una cabecera de extensi\u00f3n pax \u00f3 (2) una una cabecera de extensi\u00f3n pax malformada en un fichero (a) PAX \u00f3 (b) TAR." 
} ], "id": "CVE-2007-3644", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-07-14T00:30:00.000", "references": [ { "source": "secteam@freebsd.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "source": "secteam@freebsd.org", "url": "http://osvdb.org/38093" }, { "source": "secteam@freebsd.org", "url": "http://osvdb.org/38094" }, { "source": "secteam@freebsd.org", "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "source": "secteam@freebsd.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26050" }, { "source": "secteam@freebsd.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26062" }, { "source": "secteam@freebsd.org", "url": "http://secunia.com/advisories/26355" }, { "source": "secteam@freebsd.org", "url": "http://secunia.com/advisories/28377" }, { "source": "secteam@freebsd.org", "tags": [ "Vendor Advisory" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "source": "secteam@freebsd.org", "tags": [ "Patch" ], "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "source": "secteam@freebsd.org", "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "source": "secteam@freebsd.org", "url": "http://www.debian.org/security/2008/dsa-1455" }, { "source": "secteam@freebsd.org", "tags": [ "US Government Resource" ], 
"url": "http://www.kb.cert.org/vuls/id/970849" }, { "source": "secteam@freebsd.org", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "source": "secteam@freebsd.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24885" }, { "source": "secteam@freebsd.org", "url": "http://www.securitytracker.com/id?1018379" }, { "source": "secteam@freebsd.org", "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "source": "secteam@freebsd.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35402" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1455" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/970849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35402" } ], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2007-3645)
Published
2007-07-15 21:30
Modified
2025-04-09 00:30
Severity: MEDIUM, CVSS v2 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Summary
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644.
References
▶ | URL | Tags | |
---|---|---|---|
secteam@freebsd.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924 | ||
secteam@freebsd.org | http://osvdb.org/38093 | ||
secteam@freebsd.org | http://osvdb.org/38094 | ||
secteam@freebsd.org | http://people.freebsd.org/~kientzle/libarchive/ | ||
secteam@freebsd.org | http://secunia.com/advisories/26050 | Patch, Vendor Advisory | |
secteam@freebsd.org | http://secunia.com/advisories/26062 | Patch, Vendor Advisory | |
secteam@freebsd.org | http://secunia.com/advisories/26355 | ||
secteam@freebsd.org | http://secunia.com/advisories/28377 | ||
secteam@freebsd.org | http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc | Patch, Vendor Advisory | |
secteam@freebsd.org | http://security.freebsd.org/patches/SA-07:05/libarchive.patch | Patch | |
secteam@freebsd.org | http://security.gentoo.org/glsa/glsa-200708-03.xml | ||
secteam@freebsd.org | http://www.debian.org/security/2008/dsa-1455 | ||
secteam@freebsd.org | http://www.novell.com/linux/security/advisories/2007_15_sr.html | ||
secteam@freebsd.org | http://www.securityfocus.com/bid/24885 | Patch | |
secteam@freebsd.org | http://www.securitytracker.com/id?1018379 | ||
secteam@freebsd.org | http://www.vupen.com/english/advisories/2007/2521 | ||
secteam@freebsd.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/35404 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/38093 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/38094 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://people.freebsd.org/~kientzle/libarchive/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26050 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26062 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26355 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28377 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.freebsd.org/patches/SA-07:05/libarchive.patch | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200708-03.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1455 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_15_sr.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24885 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018379 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2521 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/35404 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freebsd | libarchive | * (versions up to and including 2.2.3) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*", "matchCriteriaId": "637AE244-745E-4506-90FA-6092C83CC9BD", "versionEndIncluding": "2.2.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644." }, { "lang": "es", "value": "archive_read_support_format_tar.c en libarchive anterior a 2.2.4 permite a atacantes remotos con la complicidad del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante (1) una condici\u00f3n de fin de fichero dentro de una cabecera tar que sigue una cabecera de extensi\u00f3n pax o (2) una cabecera de extensi\u00f3n pax en un archivo (a) PAX o (b) TAR, lo cual resulta en una referencia a un puntero nulo, un asunto diferente que CVE-2007-3644." 
} ], "evaluatorSolution": "The vendor has released an update addressing this issue: http://people.freebsd.org/~kientzle/libarchive/", "id": "CVE-2007-3645", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-07-15T21:30:00.000", "references": [ { "source": "secteam@freebsd.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "source": "secteam@freebsd.org", "url": "http://osvdb.org/38093" }, { "source": "secteam@freebsd.org", "url": "http://osvdb.org/38094" }, { "source": "secteam@freebsd.org", "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "source": "secteam@freebsd.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26050" }, { "source": "secteam@freebsd.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26062" }, { "source": "secteam@freebsd.org", "url": "http://secunia.com/advisories/26355" }, { "source": "secteam@freebsd.org", "url": "http://secunia.com/advisories/28377" }, { "source": "secteam@freebsd.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "source": "secteam@freebsd.org", "tags": [ "Patch" ], "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "source": "secteam@freebsd.org", "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "source": 
"secteam@freebsd.org", "url": "http://www.debian.org/security/2008/dsa-1455" }, { "source": "secteam@freebsd.org", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "source": "secteam@freebsd.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24885" }, { "source": "secteam@freebsd.org", "url": "http://www.securitytracker.com/id?1018379" }, { "source": "secteam@freebsd.org", "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "source": "secteam@freebsd.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35404" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.debian.org/security/2008/dsa-1455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35404" } ], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-1778)
Published
2012-04-13 20:55
Modified
2025-04-11 00:51
Severity: MEDIUM, CVSS v2 base score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://code.google.com/p/libarchive/source/detail?r=3160 | ||
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2012/May/msg00001.html | ||
secalert@redhat.com | http://secunia.com/advisories/48034 | ||
secalert@redhat.com | http://support.apple.com/kb/HT5281 | ||
secalert@redhat.com | http://www.debian.org/security/2012/dsa-2413 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=705849 | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2011-1507.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://code.google.com/p/libarchive/source/detail?r=3160 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2012/May/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48034 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5281 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2413 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=705849 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2011-1507.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freebsd | libarchive | * (versions up to and including 2.8.5) | |
freebsd | libarchive | 2.0 | |
freebsd | libarchive | 2.1 | |
freebsd | libarchive | 2.2 | |
freebsd | libarchive | 2.2.3 | |
freebsd | libarchive | 2.3 | |
freebsd | libarchive | 2.4 | |
freebsd | libarchive | 2.5 | |
freebsd | libarchive | 2.6 | |
freebsd | libarchive | 2.6.1 | |
freebsd | libarchive | 2.6.2 | |
freebsd | libarchive | 2.7.0 | |
freebsd | libarchive | 2.7.1 | |
freebsd | libarchive | 2.8.0 | |
freebsd | libarchive | 2.8.1 | |
freebsd | libarchive | 2.8.2 | |
freebsd | libarchive | 2.8.3 | |
freebsd | libarchive | 2.8.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*", "matchCriteriaId": "368424B7-7A08-44EE-861D-95F3F4BF82B1", "versionEndIncluding": "2.8.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3753B9F-CBED-462F-B209-2CB96BA007E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC137D4C-8BDB-4BCC-83B0-051BF112EBFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "48996E6B-4B09-4858-A848-DF8AFC282B0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0A3F3A08-0B42-40B7-91F6-00B2F7FF26CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "91C7B583-2820-4B32-9182-026F9969F9D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "3FC04763-2FEA-44E5-B117-6884C558BAE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "BDB37633-F110-4F87-95D2-9F61DD83EE38", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "3CB56712-0ACC-402C-95D3-CDAA46BFCD7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "5341EC48-4C91-4C8F-AA20-F695B7FD9BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "55DB89CA-C763-4B72-B709-0632C413BD45", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA6CD573-3128-4FC0-9F9A-796F2C82FBCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3026BE26-BC84-4F53-9CBC-1335A946E075", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freebsd:libarchive:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "56AE92D3-67DF-4CF9-ABDD-A3BAD8F28BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "8BD245EB-E95D-42B8-88A0-55A9DE5C2D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "968B42D1-9A4F-4898-A505-EE8BCE35A596", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "2BE82186-D43B-4C08-A338-9C53A4B64B00", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "2E6033C5-CD4E-447C-89DD-3F04A81320CA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en libarchive hasta v2.8.5, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de un fichero TAR manipulado." 
} ], "id": "CVE-2011-1778", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-04-13T20:55:01.353", "references": [ { "source": "secalert@redhat.com", "url": "http://code.google.com/p/libarchive/source/detail?r=3160" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48034" }, { "source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT5281" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2413" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.google.com/p/libarchive/source/detail?r=3160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48034" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2413" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-1777)
Published
2012-04-13 20:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://code.google.com/p/libarchive/source/detail?r=3158 | ||
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2012/May/msg00001.html | ||
secalert@redhat.com | http://secunia.com/advisories/48034 | ||
secalert@redhat.com | http://support.apple.com/kb/HT5281 | ||
secalert@redhat.com | http://www.debian.org/security/2012/dsa-2413 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=705849 | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2011-1507.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://code.google.com/p/libarchive/source/detail?r=3158 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2012/May/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48034 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5281 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2413 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=705849 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2011-1507.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freebsd | libarchive | * (all versions up to and including 2.8.5) | |
freebsd | libarchive | 2.0 | |
freebsd | libarchive | 2.1 | |
freebsd | libarchive | 2.2 | |
freebsd | libarchive | 2.2.3 | |
freebsd | libarchive | 2.3 | |
freebsd | libarchive | 2.4 | |
freebsd | libarchive | 2.5 | |
freebsd | libarchive | 2.6 | |
freebsd | libarchive | 2.6.1 | |
freebsd | libarchive | 2.6.2 | |
freebsd | libarchive | 2.7.0 | |
freebsd | libarchive | 2.7.1 | |
freebsd | libarchive | 2.8.0 | |
freebsd | libarchive | 2.8.1 | |
freebsd | libarchive | 2.8.2 | |
freebsd | libarchive | 2.8.3 | |
freebsd | libarchive | 2.8.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*", "matchCriteriaId": "368424B7-7A08-44EE-861D-95F3F4BF82B1", "versionEndIncluding": "2.8.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3753B9F-CBED-462F-B209-2CB96BA007E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC137D4C-8BDB-4BCC-83B0-051BF112EBFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "48996E6B-4B09-4858-A848-DF8AFC282B0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0A3F3A08-0B42-40B7-91F6-00B2F7FF26CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "91C7B583-2820-4B32-9182-026F9969F9D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "3FC04763-2FEA-44E5-B117-6884C558BAE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "BDB37633-F110-4F87-95D2-9F61DD83EE38", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "3CB56712-0ACC-402C-95D3-CDAA46BFCD7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "5341EC48-4C91-4C8F-AA20-F695B7FD9BE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "55DB89CA-C763-4B72-B709-0632C413BD45", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA6CD573-3128-4FC0-9F9A-796F2C82FBCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3026BE26-BC84-4F53-9CBC-1335A946E075", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freebsd:libarchive:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "56AE92D3-67DF-4CF9-ABDD-A3BAD8F28BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "8BD245EB-E95D-42B8-88A0-55A9DE5C2D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "968B42D1-9A4F-4898-A505-EE8BCE35A596", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "2BE82186-D43B-4C08-A338-9C53A4B64B00", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "2E6033C5-CD4E-447C-89DD-3F04A81320CA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en las funciones (1) heap_add_entry y (2) relocate_dir en archive_read_support_format_iso9660.c en libarchive hasta v2.8.5, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una imagen ISO9660 manipulada." 
} ], "id": "CVE-2011-1777", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-04-13T20:55:01.307", "references": [ { "source": "secalert@redhat.com", "url": "http://code.google.com/p/libarchive/source/detail?r=3158" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48034" }, { "source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT5281" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2413" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.google.com/p/libarchive/source/detail?r=3158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48034" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2413" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-1779)
Published
2012-04-13 20:55
Modified
2025-04-11 00:51
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://code.google.com/p/libarchive/source/detail?r=3038 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=705849 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://code.google.com/p/libarchive/source/detail?r=3038 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=705849 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freebsd | libarchive | 2.8.4 | |
freebsd | libarchive | 2.8.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "2E6033C5-CD4E-447C-89DD-3F04A81320CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "75AB65F4-5795-482A-895F-9E31D2300BDB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de uso despues de la liberaci\u00f3n en libarchive v2.8.4 y v2.8.5, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente tener otros impactos no especificados a trav\u00e9s de un (1) archivo TAR o (2) imagen ISO9660 manipuladas." 
} ], "id": "CVE-2011-1779", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-04-13T20:55:01.400", "references": [ { "source": "secalert@redhat.com", "url": "http://code.google.com/p/libarchive/source/detail?r=3038" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.google.com/p/libarchive/source/detail?r=3038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2010-4666)
Published
2012-04-13 20:55
Modified
2025-04-11 00:51
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://code.google.com/p/libarchive/source/detail?r=2842 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=705849 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://code.google.com/p/libarchive/source/detail?r=2842 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=705849 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freebsd | libarchive | 3.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freebsd:libarchive:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9413114B-3D58-473F-B503-D9E0653E8144", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en el c\u00f3digo libarchive v3.0 pre-release, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente terner otro impacto a trav\u00e9s de un fichero CAB manipulado, que no es gestionado de forma adecuada durante la lectura del c\u00f3digo Huffman dentro de los datos comprimidos LZX." } ], "id": "CVE-2010-4666", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-04-13T20:55:01.120", "references": [ { "source": "secalert@redhat.com", "url": "http://code.google.com/p/libarchive/source/detail?r=2842" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://code.google.com/p/libarchive/source/detail?r=2842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2007-3641)
Published
2007-07-14 00:30
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2 base score 9.3, AV:N/AC:M/Au:N/C:C/I:C/A:C)
Summary
archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.
References
Source | URL | Tags | |
---|---|---|---|
secteam@freebsd.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924 | ||
secteam@freebsd.org | http://osvdb.org/38092 | ||
secteam@freebsd.org | http://people.freebsd.org/~kientzle/libarchive/ | ||
secteam@freebsd.org | http://secunia.com/advisories/26050 | Patch, Vendor Advisory | |
secteam@freebsd.org | http://secunia.com/advisories/26062 | Patch, Vendor Advisory | |
secteam@freebsd.org | http://secunia.com/advisories/26355 | ||
secteam@freebsd.org | http://secunia.com/advisories/28377 | ||
secteam@freebsd.org | http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc | ||
secteam@freebsd.org | http://security.freebsd.org/patches/SA-07:05/libarchive.patch | Patch | |
secteam@freebsd.org | http://security.gentoo.org/glsa/glsa-200708-03.xml | ||
secteam@freebsd.org | http://www.debian.org/security/2008/dsa-1455 | ||
secteam@freebsd.org | http://www.novell.com/linux/security/advisories/2007_15_sr.html | ||
secteam@freebsd.org | http://www.securityfocus.com/bid/24885 | Patch | |
secteam@freebsd.org | http://www.securitytracker.com/id?1018379 | ||
secteam@freebsd.org | http://www.vupen.com/english/advisories/2007/2521 | ||
secteam@freebsd.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/35405 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/38092 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://people.freebsd.org/~kientzle/libarchive/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26050 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26062 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26355 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28377 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.freebsd.org/patches/SA-07:05/libarchive.patch | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200708-03.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1455 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_15_sr.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24885 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018379 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2521 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/35405 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
freebsd | libarchive | * (all versions up to and including 2.2.3) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*", "matchCriteriaId": "637AE244-745E-4506-90FA-6092C83CC9BD", "versionEndIncluding": "2.2.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow." }, { "lang": "es", "value": "El archive_read_support_format_tar.c en el libarchive anterior al 2.2.4 no calcula adecuadamente la longitud de ciertos b\u00fafers cuando est\u00e1 procesando cabeceras de la extensi\u00f3n pax mal formadas, lo que permite a atacantes con la intervenci\u00f3n del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) y, posiblemente, ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de archivos (1) PAX o (2) TAR que disparen desbordamientos de b\u00fafer." 
} ], "id": "CVE-2007-3641", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-07-14T00:30:00.000", "references": [ { "source": "secteam@freebsd.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "source": "secteam@freebsd.org", "url": "http://osvdb.org/38092" }, { "source": "secteam@freebsd.org", "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "source": "secteam@freebsd.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26050" }, { "source": "secteam@freebsd.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26062" }, { "source": "secteam@freebsd.org", "url": "http://secunia.com/advisories/26355" }, { "source": "secteam@freebsd.org", "url": "http://secunia.com/advisories/28377" }, { "source": "secteam@freebsd.org", "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "source": "secteam@freebsd.org", "tags": [ "Patch" ], "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "source": "secteam@freebsd.org", "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "source": "secteam@freebsd.org", "url": "http://www.debian.org/security/2008/dsa-1455" }, { "source": "secteam@freebsd.org", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "source": "secteam@freebsd.org", "tags": [ "Patch" ], 
"url": "http://www.securityfocus.com/bid/24885" }, { "source": "secteam@freebsd.org", "url": "http://www.securitytracker.com/id?1018379" }, { "source": "secteam@freebsd.org", "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "source": "secteam@freebsd.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://people.freebsd.org/~kientzle/libarchive/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securitytracker.com/id?1018379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35405" } ], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }