Lucene search
Veracode Vulnerability DatabaseVERACODE:6140HistoryApr 18, 2018 - 7:13 a.m.
Denial Of Service (DoS) Through Heap Buffer Overflow
2018-04-1807:13:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.021 Low
EPSS
Percentile
89.1%
libarchive.so is vulnerable to denial of service (DoS) through heap-based buffer overflow attacks. The vulnerability exists in atol10 and atol08 of libarchive/archive_read_support_format_xar.c where a heap-based buffer overflow can occur when processing a malicious xar archive.
References
blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/
bugzilla.redhat.com/show_bug.cgi?id=1489852
github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
lists.debian.org/debian-lts-announce/2018/11/msg00037.html
security.gentoo.org/glsa/201908-11
usn.ubuntu.com/3736-1/
www.debian.org/security/2018/dsa-4360
Related
mageia
mageia
Updated libarchive packages fix security vulnerability
2017-09-10 15:36:09
nessus
nessus
Debian DLA-1092-1 : libarchive security update
2017-09-11 00:00:00
EulerOS 2.0 SP2 : libarchive (EulerOS-SA-2019-1849)
2019-09-17 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1092-1)
2018-02-06 00:00:00
Mageia: Security Advisory (MGASA-2017-0337)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-1849)
2020-01-23 00:00:00
alpinelinux
alpinelinux
CVE-2017-14166
2017-09-06 18:29:00
osv
osv
CVE-2017-14166
2017-09-06 18:29:00
libarchive - security update
2017-09-08 00:00:00
libarchive - security update
2018-12-27 00:00:00
redhatcve
redhatcve
CVE-2017-14166
2017-09-08 14:00:19
debian
debian
[SECURITY] [DLA 1092-1] libarchive security update
2017-09-08 09:00:00
[SECURITY] [DSA 4360-1] libarchive security update
2018-12-27 16:40:27
[SECURITY] [DLA 1600-1] libarchive security update
2018-11-29 22:32:50
cve
cve
CVE-2017-14166
2017-09-06 18:29:00
nvd
nvd
CVE-2017-14166
2017-09-06 18:29:00
debiancve
debiancve
CVE-2017-14166
2017-09-06 18:29:00
prion
prion
Heap overflow
2017-09-06 18:29:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container images may be vulnerable to denial of service due to libarchive [CVE-2017-14166]
2023-03-28 10:20:14
ubuntucve
ubuntucve
CVE-2017-14166
2017-09-06 00:00:00
cvelist
cvelist
CVE-2017-14166
2017-09-06 18:00:00
gentoo
gentoo
libarchive: Multiple vulnerabilities
2019-08-15 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: libarchive-3.3.3-1.fc28
2018-11-21 03:13:00
[SECURITY] Fedora 29 Update: libarchive-3.3.3-1.fc29
2018-10-31 16:42:22
cloudfoundry
cloudfoundry
USN-3736-1: libarchive vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
ubuntu
ubuntu
libarchive vulnerabilities
2018-08-13 00:00:00
suse
suse
Security update for libarchive (moderate)
2018-11-10 00:29:34