The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive. (CVE-2016-8689)
Impact
For BIG-IP and VIPRION platforms that are configured to use Virtual Clustered Multiprocessing (vCMP), an authenticated administrator can upload a specially crafted ISO file and use the ISO file to create a vCMP guest virtual machine. A successful attack may cause the bsdtar to stop responding while creating the vCMP guest virtual machine.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip afm | eq | 11.4.0 | |
big-ip afm | eq | 11.4.1 | |
big-ip afm | eq | 11.5.0 | |
big-ip afm | eq | 11.5.1 | |
big-ip afm | eq | 11.5.2 | |
big-ip afm | eq | 11.5.3 | |
big-ip afm | eq | 11.5.4 | |
big-ip afm | eq | 11.6.0 | |
big-ip afm | eq | 11.6.1 | |
big-ip afm | eq | 12.0.0 |