Denial of Service Vulnerability in Libarchive by FreeBSD
CVE-2007-3645
Currently unrated
What is CVE-2007-3645?
Libarchive before version 2.2.4 is prone to a denial of service vulnerability that user-assisted remote attackers can trigger with a crafted TAR archive. The archive either contains an end-of-file condition that improperly follows a PAX extension header, or contains a malformed PAX extension header. Processing such an archive leads to a NULL pointer dereference, which crashes the application. Users and administrators should apply updates and effective security measures to protect their systems against this vulnerability.
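A structural pre-screen for the two conditions described above, as an added example that is not part of the original page and not libarchive's own code. The names `check_pax` and `sample_archive` are hypothetical, the sample archive is constructed with Python's `tarfile`, and the checks follow the POSIX pax record layout rather than libarchive's parser.

```python
import io
import tarfile

BLOCK = 512
ZERO = b"\0" * BLOCK
PAX_TYPES = (b"x", b"g")  # pax extended / global extended header typeflags

def _records_ok(data: bytes) -> bool:
    """pax records are '<len> <key>=<value>' plus newline; len counts the whole record."""
    pos = 0
    while pos < len(data):
        sp = data.find(b" ", pos)
        if sp == -1 or not data[pos:sp].isdigit():
            return False
        end = pos + int(data[pos:sp])
        if end <= sp or end > len(data) or data[end - 1:end] != b"\n":
            return False
        if b"=" not in data[sp + 1:end]:
            return False
        pos = end
    return True

def check_pax(raw: bytes) -> list:
    """Return (offset, reason) for each pax header that is malformed or ends the file."""
    findings, off = [], 0
    while off + BLOCK <= len(raw) and raw[off:off + BLOCK] != ZERO:
        hdr = raw[off:off + BLOCK]
        try:
            size = int(hdr[124:136].rstrip(b"\0 ") or b"0", 8)
        except ValueError:
            findings.append((off, "size field is not octal, scan stopped"))
            break
        body = off + BLOCK
        nxt = body + -(-size // BLOCK) * BLOCK  # data is padded to whole blocks
        kind = hdr[156:157]
        if kind in PAX_TYPES:
            if body + size > len(raw):
                findings.append((off, "pax data truncated"))
            elif not _records_ok(raw[body:body + size]):
                findings.append((off, "malformed pax record"))
            elif kind == b"x" and (len(raw) < nxt + BLOCK or raw[nxt:nxt + BLOCK] == ZERO):
                findings.append((off, "end of file follows pax header"))
        off = nxt
    return findings

def sample_archive() -> bytes:
    """Constructed sample: a name longer than 100 bytes forces a pax 'x' header."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tf:
        ti = tarfile.TarInfo("d/" * 60 + "f.txt")
        ti.size = 5
        tf.addfile(ti, io.BytesIO(b"hello"))
    return buf.getvalue()
```

An empty result means no pax header in the file matched either condition; it does not validate header checksums or the rest of the archive.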
References
EPSS Score
14% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved