CVE-2016-8688 in libarchiveinfo

Summary

The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

10/15/2016

Disclosure

02/15/2017

Moderation

VulDB entry created

Entries

VDB-97005 (1)

CPE

ready

CWE

CWE-125 (Confirmed)

CVSS

5.4

EPSS

0.00226

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-8688
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-8688
CVE Details	https://www.cvedetails.com/cve/CVE-2016-8688/

◂ Previous Overview Next ▸