CVE-2007-3645

2007-07-1500:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.104 Low

EPSS

Percentile

95.0%

JSON

archive_read_support_format_tar.c in libarchive before 2.2.4 allows
user-assisted remote attackers to cause a denial of service (crash) via (1)
an end-of-file condition within a tar header that follows a pax extension
header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR
archive, which results in a NULL pointer dereference, a different issue
than CVE-2007-3644.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/181721>

OSVersionArchitecturePackageVersionFilename
ubuntu7.10noarchlibarchive< 2.2.4-1UNKNOWN
ubuntu8.04noarchlibarchive< 2.2.4-1UNKNOWN
ubuntu8.10noarchlibarchive< 2.2.4-1UNKNOWN
ubuntu9.04noarchlibarchive< 2.2.4-1UNKNOWN
ubuntu9.10noarchlibarchive< 2.2.4-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	7.10	noarch	libarchive	< 2.2.4-1	UNKNOWN
ubuntu	8.04	noarch	libarchive	< 2.2.4-1	UNKNOWN
ubuntu	8.10	noarch	libarchive	< 2.2.4-1	UNKNOWN
ubuntu	9.04	noarch	libarchive	< 2.2.4-1	UNKNOWN
ubuntu	9.10	noarch	libarchive	< 2.2.4-1	UNKNOWN