CVE-2011-1777 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libarchive
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
3.0%
top 13.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 13
Latest updateMay 14
Description
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
CVSS vector
AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4
Affected Packages3 packages
🔴Vulnerability Details
2GHSA▶
GHSA-g8qh-wrpv-q82v: Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660↗2022-05-14
OSV▶
CVE-2011-1777: Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660↗2012-04-13
📋Vendor Advisories
3💬Community
5Bugzilla
▶
Bugzilla▶
CVE-2010-4666 CVE-2011-1777 CVE-2011-1778 CVE-2011-1779 Libarchive multiple security issues [epel-5]↗2012-01-12
Bugzilla▶
CVE-2010-4666 CVE-2011-1777 CVE-2011-1778 CVE-2011-1779 Libarchive multiple security issues [fedora-all]↗2011-05-18
Bugzilla▶
CVE-2010-4666 CVE-2011-1777 CVE-2011-1778 CVE-2011-1779 Libarchive multiple security issues↗2011-05-18