
Advisory ROSA-SA-2021-1862

2021-07-02 17:10:44
ROSA LAB
abf.rosalinux.ru

CVSS2: 7.5 High
  Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
  Attack Vector: NETWORK | Attack Complexity: LOW | Authentication: NONE
  Confidentiality Impact: PARTIAL | Integrity Impact: PARTIAL | Availability Impact: PARTIAL

CVSS3: 5.5 Medium
  Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  Attack Vector: LOCAL | Attack Complexity: LOW | Privileges Required: NONE | User Interaction: REQUIRED | Scope: UNCHANGED
  Confidentiality Impact: NONE | Integrity Impact: NONE | Availability Impact: HIGH

AI Score: 9 High (Confidence: High)
EPSS: 0.059 Low (Percentile: 93.5%)

These scores are attached to the bulletin as a whole and do not reflect the worst entries in the list below: CVE-2016-4301 and CVE-2016-6250 allow arbitrary code execution and CVE-2015-2304 allows arbitrary file writes, none of which a C:N/I:N/A:H vector captures. Triage on the individual CVEs, not on the bulletin score.

Software: libarchive 3.1.2
OS: Cobalt 7.9

Note: version 3.1.2 lies inside the upstream-affected ranges quoted below for the 2015 and 2016 CVEs ("3.1.2 and earlier", "before 3.2.0", "before 3.2.1"), so the fixes in this package must be backported patches rather than an upstream version bump. Confirm them in the package changelog instead of comparing the upstream version string.

CVE-ID: CVE-2015-2304
CVE-Crit: HIGH
CVE-DESC: Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
CVE-STATUS: default
CVE-REV: default
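CVE-2015-2304 is an absolute-path traversal: bsdcpio wrote each entry wherever its stored pathname pointed, so an archive entry named "/etc/cron.d/x" landed in /etc/cron.d. The block below is an added example, not code from this advisory or from libarchive. It is a standard-library Python scanner that parses the cpio "newc" format (one of the formats bsdcpio handles) and reports every entry whose name would escape the extraction directory, either an absolute path (the CVE-2015-2304 case) or a ".." component. The sample archive is constructed inside the block, and the entry names and the build_newc, iter_newc, unsafe_reason and scan_newc helpers are this example's own.

```python
"""Pre-extraction scan of a cpio 'newc' archive for entry names that would
escape the extraction directory: absolute paths (the CVE-2015-2304 class)
and '..' components. Standard library only; helper names and sample data
are this example's own, not libarchive's."""

NEWC_MAGIC = b"070701"
HEADER_LEN = 110          # 6-byte magic + 13 fields of 8 hex digits
TRAILER = "TRAILER!!!"    # name of the terminating pseudo-entry


def _pad4(n):
    """Bytes needed to round n up to a multiple of 4 (newc alignment)."""
    return (4 - n % 4) % 4


def build_newc(entries):
    """Construct an in-memory newc archive from (name, data) pairs.
    Used here only to build test input; a real scan reads a file."""
    out = bytearray()
    for ino, (name, data) in enumerate(list(entries) + [(TRAILER, b"")], 1):
        name_b = name.encode("utf-8") + b"\0"
        mode = 0 if name == TRAILER else 0o100644
        # ino, mode, uid, gid, nlink, mtime, filesize, devmajor, devminor,
        # rdevmajor, rdevminor, namesize, check
        fields = [ino, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_b), 0]
        out += NEWC_MAGIC + b"".join(b"%08X" % f for f in fields)
        out += name_b + b"\0" * _pad4(HEADER_LEN + len(name_b))
        out += data + b"\0" * _pad4(len(data))
    return bytes(out)


def iter_newc(buf):
    """Yield (name, data) for each entry, refusing malformed headers."""
    off = 0
    while True:
        hdr = buf[off:off + HEADER_LEN]
        if len(hdr) < HEADER_LEN or hdr[:6] != NEWC_MAGIC:
            raise ValueError("bad or truncated header at offset %d" % off)
        fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name_start = off + HEADER_LEN
        name_end = name_start + namesize
        if namesize == 0 or name_end > len(buf) or buf[name_end - 1] != 0:
            raise ValueError("bad name field at offset %d" % off)
        name = buf[name_start:name_end - 1].decode("utf-8", "surrogateescape")
        data_start = name_end + _pad4(HEADER_LEN + namesize)
        data_end = data_start + filesize
        if data_end > len(buf):
            raise ValueError("entry %r data runs past end of archive" % name)
        if name == TRAILER:
            return
        yield name, buf[data_start:data_end]
        off = data_end + _pad4(filesize)


def unsafe_reason(name):
    """Why extracting `name` relative to the cwd would be unsafe, or None."""
    if name.startswith("/"):
        return "absolute path"
    if ".." in name.split("/"):
        return "parent-directory component"
    return None


def scan_newc(buf):
    """Map each unsafe entry name to the reason it was flagged."""
    findings = {}
    for name, _data in iter_newc(buf):
        reason = unsafe_reason(name)
        if reason:
            findings[name] = reason
    return findings


# Constructed sample: one benign entry and two that a naive extractor
# would write outside the current directory.
SAMPLE_ARCHIVE = build_newc([
    ("etc/motd", b"welcome\n"),
    ("/etc/cron.d/backdoor", b"* * * * * root /tmp/x\n"),
    ("../../.ssh/authorized_keys", b"ssh-ed25519 AAAA...\n"),
])

if __name__ == "__main__":
    for name, reason in scan_newc(SAMPLE_ARCHIVE).items():
        print("UNSAFE %-30s %s" % (name, reason))
```

Run it on a real file with scan_newc(open(path, "rb").read()) before extracting. The scan looks only at entry names; symlink and hardlink targets are a separate vector and are not covered here. Extractors built on libarchive itself should set the ARCHIVE_EXTRACT_SECURE_NODOTDOT and ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS flags (the latter is available from libarchive 3.2.0) rather than rely on an external check alone.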

CVE-ID: CVE-2015-8915
CVE-Crit: MEDIUM
CVE-DESC: bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via a crafted cpio file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8918
CVE-Crit: HIGH
CVE-DESC: The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab file, related to an overlapping memcpy.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8927
CVE-Crit: MEDIUM
CVE-DESC: The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and crash) via a crafted zip file, related to reading the password.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8929
CVE-Crit: MEDIUM
CVE-DESC: Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8933
CVE-Crit: MEDIUM
CVE-DESC: Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-4301
CVE-Crit: HIGH
CVE-DESC: Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-6250
CVE-Crit: HIGH
CVE-DESC: Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7166
CVE-Crit: MEDIUM
CVE-DESC: libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
CVE-STATUS: default
CVE-REV: default
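CVE-2016-7166 is the unbounded recursive-decompression case: a gzip stream whose payload is itself gzip, repeated, gets decompressed layer after layer until memory runs out. The block below is an added example, not libarchive's code, showing the mitigation the CVE text implies: peel compression layers only up to a fixed depth and a fixed per-layer output size, and treat hitting either limit as a hard failure rather than a warning. It uses only the Python standard library; the nested sample and the nest_gzip and decompress_bounded names are this example's own.

```python
"""Bounded recursive decompression: strip nested gzip layers only up to a
fixed depth and output size, the limit libarchive lacked in CVE-2016-7166.
Standard library only; function names and sample data are this example's own."""
import gzip
import io

GZIP_MAGIC = b"\x1f\x8b"
MAX_LAYERS = 8                  # depth cap; legitimate data rarely nests past 2
MAX_OUTPUT = 16 * 1024 * 1024   # per-layer decompressed size cap
CHUNK = 64 * 1024


def nest_gzip(payload, layers):
    """Constructed test input: wrap payload in `layers` gzip streams."""
    for _ in range(layers):
        payload = gzip.compress(payload)
    return payload


def decompress_bounded(data, max_layers=MAX_LAYERS, max_output=MAX_OUTPUT):
    """Peel gzip layers while the data still carries the gzip magic.

    Returns (payload, layers_removed). Raises ValueError as soon as a
    layer would exceed max_layers or decompress to more than max_output
    bytes. The size check runs chunk by chunk, so a decompression bomb is
    rejected before the whole output is ever allocated."""
    layers = 0
    while data[:2] == GZIP_MAGIC:
        if layers >= max_layers:
            raise ValueError("nested %d layers deep; limit is %d"
                             % (layers + 1, max_layers))
        out = bytearray()
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as f:
            while True:
                chunk = f.read(CHUNK)
                if not chunk:
                    break
                out += chunk
                if len(out) > max_output:
                    raise ValueError("layer %d expands past %d bytes"
                                     % (layers + 1, max_output))
        data = bytes(out)
        layers += 1
    return data, layers


if __name__ == "__main__":
    sample = nest_gzip(b"plain payload\n", 3)
    payload, depth = decompress_bounded(sample)
    print("removed %d layers, payload=%r" % (depth, payload))
    try:
        decompress_bounded(nest_gzip(b"x", MAX_LAYERS + 1))
    except ValueError as e:
        print("rejected:", e)
```

Both limits matter: a depth cap alone still lets one layer expand without bound, and a size cap alone still lets an attacker force thousands of decompression passes. Set max_output to what the consumer can actually hold, not to a generous default.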

CVE-ID: CVE-2019-11463
CVE-Crit: MEDIUM
CVE-DESC: A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file due to the HAVE_LZMA_H typo. NOTE: this only affects users who have downloaded development code from GitHub. Users of official product releases will not be affected.
CVE-STATUS: default
CVE-REV: default

OS      Version  Architecture  Package     Version  Filename
Cobalt  any      noarch        libarchive  < 3.1.2  UNKNOWN
