Integer Overflow Vulnerability in libarchive Affects Multiple Platforms
CVE-2016-6250

8.6HIGH

Key Information:

Vendor

Oracle
Status
Linux
Vendor
CVE Published:
21 September 2016

What is CVE-2016-6250?

An integer overflow vulnerability exists in the ISO9660 writer of libarchive prior to version 3.2.1. This flaw permits remote attackers to exploit the system by sending specially crafted input that triggers a buffer overflow during filename length validation when writing ISO9660 archives. The result can potentially lead to a denial of service through application crashes or allow the execution of arbitrary code, thereby compromising system integrity.

References

http://rhn.redhat.com/errata/RHSA-2016-1844.html
vendor-advisoryx_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/linuxbu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036431
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-6250 : Integer Overflow Vulnerability in libarchive Affects Multiple Platforms