Integer Overflow Vulnerability in libarchive Affects Multiple Platforms
CVE-2015-8931

7.8HIGH

Key Information:

Vendor

Libarchive

Status
Libarchive
Vendor
CVE Published:
20 September 2016

What is CVE-2015-8931?

The vulnerability manifests through multiple integer overflows in the 'get_time_t_max' and 'get_time_t_min' functions located in 'archive_read_support_format_mtree.c' within libarchive versions prior to 3.2.0. By crafting a malicious mtree file, remote attackers can exploit these overflows, potentially leading to undefined behavior and compromising the security of systems utilizing this library.

References

http://www.ubuntu.com/usn/USN-3033-1
vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2016-1844.html
vendor-advisoryx_refsource_REDHAT
https://blog.fuzzing-project.org/47-Many-invalid-memory-a...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.