Project

General

Profile

Bug #6789

libarchive: Out of bounds read in lha_read_file_header_1() function (CVE-2017-5601)

Added by Alicha CH over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Start date:
02/01/2017
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:

Description

The vulnerability is caused due to an error in the
"lha_read_file_header_1()" function
(archive_read_support_format_lha.c), which can be exploited to trigger
an out-of-bounds read memory access via a specially crafted archive.

Affected versions:

libarchive version 3.2.2.
Other versions may also be affected.

Reference:

https://secunia.com/secunia_research/2017-3/

Patch:

https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9


Subtasks

Bug #6790: [3.6] libarchive: Out of bounds read in lha_read_file_header_1() function (CVE-2017-5601)ClosedNatanael Copa

Bug #6791: [3.5] libarchive: Out of bounds read in lha_read_file_header_1() function (CVE-2017-5601)ClosedNatanael Copa

Bug #6792: [3.4] libarchive: Out of bounds read in lha_read_file_header_1() function (CVE-2017-5601)ClosedNatanael Copa

Bug #6793: [3.3] libarchive: Out of bounds read in lha_read_file_header_1() function (CVE-2017-5601)ClosedNatanael Copa

Bug #6794: [3.2] libarchive: Out of bounds read in lha_read_file_header_1() function (CVE-2017-5601)ClosedNatanael Copa

History

#1 Updated by Alicha CH over 2 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed

Also available in: Atom PDF