libarchive 3.2.2 archive_string.c archive_wstring_append_from_mbs null pointer dereference
A vulnerability classified as problematic was found in libarchive 3.2.2. Affected is the function archive_wstring_append_from_mbs in the file archive_string.c. The manipulation leads to a null pointer dereference. Using CWE to declare the problem leads to CWE-476. The bug was discovered on 12/13/2016. The weakness was presented on 04/03/2017 as FEDORA-2017-55a8f10223 (GitHub Repository). The advisory is shared for download at github.com.
This vulnerability is traded as CVE-2016-10209. Attacking locally is a requirement. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment.
It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 111 days. As a 0-day, the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 99609 (Fedora 25 : libarchive (2017-55a8f10223)), which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 171705 (SUSE Enterprise Linux Security Update for libarchive (SUSE-SU-2018:3640-1)).
It is recommended to upgrade the affected component. A possible mitigation was published 3 weeks after the disclosure of the vulnerability.
The vulnerability is also documented in other vulnerability databases: SecurityFocus (BID 97327) and Tenable (99609).