Integer Overflow Vulnerability in libarchive Affects Multiple Platforms
CVE-2016-6250

8.6HIGH

Key Information:

Vendor
Oracle
Status
Linux
Vendor
CVE Published:
21 September 2016

Summary

An integer overflow vulnerability exists in the ISO9660 writer of libarchive prior to version 3.2.1. This flaw permits remote attackers to exploit the system by sending specially crafted input that triggers a buffer overflow during filename length validation when writing ISO9660 archives. The result can potentially lead to a denial of service through application crashes or allow the execution of arbitrary code, thereby compromising system integrity.

References

http://rhn.redhat.com/errata/RHSA-2016-1844.html
vendor-advisoryx_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/linuxbu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036431
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.