CVE-2017-5601

Related Files

Ubuntu Security Notice USN-3225-1

Posted Mar 10, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3225-1 - It was discovered that libarchive incorrectly handled hardlink entries when extracting archives. A remote attacker could possibly use this issue to overwrite arbitrary files. Christian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered that libarchive incorrectly handled filename lengths when writing ISO9660 archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2016-5418, CVE-2016-6250, CVE-2016-7166, CVE-2016-8687, CVE-2016-8688, CVE-2016-8689, CVE-2017-5601

SHA-256 | 2390e963ac7b47dd561295e3663b96519c842fadf463ee74b2d1f962d126476e

Download | Favorite | View

Libarchive 3.2.2 lha_read_file_header_1() Denial Of Service

Posted Jan 31, 2017

Authored by Jakub Jirasek | Site secunia.com

Secunia Research has discovered a vulnerability in libarchive, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "lha_read_file_header_1()" function (archive_read_support_format_lha.c), which can be exploited to trigger an out-of-bounds read memory access via a specially crafted archive. The vulnerability is confirmed in version 3.2.2. Other versions may also be affected.

tags | advisory, denial of service

advisories | CVE-2017-5601

SHA-256 | aa2df6dcc8af97d089cfa8e980271155e3918baf57560ac35d78aea7e00ccc4b

Download | Favorite | View