fkie_nvd - fkie_cve-2011-1778

fkie_cve-2011-1778

Vulnerability from fkie_nvd

Published

2012-04-13 20:55

Modified

2025-04-11 00:51

Severity ?

Summary

Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.

References

▶	URL	Tags
	secalert@redhat.com	http://code.google.com/p/libarchive/source/detail?r=3160
	secalert@redhat.com	http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
	secalert@redhat.com	http://secunia.com/advisories/48034
	secalert@redhat.com	http://support.apple.com/kb/HT5281
	secalert@redhat.com	http://www.debian.org/security/2012/dsa-2413
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=705849
	secalert@redhat.com	https://rhn.redhat.com/errata/RHSA-2011-1507.html
	af854a3a-2127-422b-91ae-364da2661108	http://code.google.com/p/libarchive/source/detail?r=3160
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48034
	af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5281
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2413
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=705849
	af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2011-1507.html

Impacted products

Vendor	Product	Version
freebsd	libarchive	*
freebsd	libarchive	2.0
freebsd	libarchive	2.1
freebsd	libarchive	2.2
freebsd	libarchive	2.2.3
freebsd	libarchive	2.3
freebsd	libarchive	2.4
freebsd	libarchive	2.5
freebsd	libarchive	2.6
freebsd	libarchive	2.6.1
freebsd	libarchive	2.6.2
freebsd	libarchive	2.7.0
freebsd	libarchive	2.7.1
freebsd	libarchive	2.8.0
freebsd	libarchive	2.8.1
freebsd	libarchive	2.8.2
freebsd	libarchive	2.8.3
freebsd	libarchive	2.8.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "368424B7-7A08-44EE-861D-95F3F4BF82B1",
              "versionEndIncluding": "2.8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3753B9F-CBED-462F-B209-2CB96BA007E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC137D4C-8BDB-4BCC-83B0-051BF112EBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "48996E6B-4B09-4858-A848-DF8AFC282B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A3F3A08-0B42-40B7-91F6-00B2F7FF26CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C7B583-2820-4B32-9182-026F9969F9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC04763-2FEA-44E5-B117-6884C558BAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB37633-F110-4F87-95D2-9F61DD83EE38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CB56712-0ACC-402C-95D3-CDAA46BFCD7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5341EC48-4C91-4C8F-AA20-F695B7FD9BE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55DB89CA-C763-4B72-B709-0632C413BD45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA6CD573-3128-4FC0-9F9A-796F2C82FBCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3026BE26-BC84-4F53-9CBC-1335A946E075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "56AE92D3-67DF-4CF9-ABDD-A3BAD8F28BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BD245EB-E95D-42B8-88A0-55A9DE5C2D41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "968B42D1-9A4F-4898-A505-EE8BCE35A596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BE82186-D43B-4C08-A338-9C53A4B64B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E6033C5-CD4E-447C-89DD-3F04A81320CA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en libarchive hasta v2.8.5, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de un fichero TAR manipulado."
    }
  ],
  "id": "CVE-2011-1778",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-04-13T20:55:01.353",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://code.google.com/p/libarchive/source/detail?r=3160"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48034"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2413"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.google.com/p/libarchive/source/detail?r=3160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-1778 (GCVE-0-2011-1778)

Vulnerability from cvelistv5

Published

2012-04-13 20:00