Denial of Service Vulnerability in libarchive Affects Remote Attackers
CVE-2015-8918

7.5HIGH

Key Information:

Vendor
Novell
Status
Suse Linux Enterprise Server
Suse Linux Enterprise Desktop
Suse Linux Enterprise Software Development Kit
Vendor
CVE Published:
20 September 2016

Summary

An issue exists in the archive_string_append function in libarchive prior to version 3.2.0, where remote attackers can exploit crafted cab files to trigger a denial of service. This vulnerability is linked to improper memory handling, leading to potential application crashes due to overlapping memory operations.

References

https://blog.fuzzing-project.org/47-Many-invalid-memory-a...
x_refsource_MISC
https://github.com/libarchive/libarchive/issues/506
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2015-8918 : Denial of Service Vulnerability in libarchive Affects Remote Attackers | SecurityVulnerability.io