CVE-2013-0211: Improper Restriction of Operations within the Bounds of a Memory Buffer in Libarchive

CWE-189 | 14 documents | 8 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 1.2% (top 21.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 30
Latest update: May 5

Description

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (5 packages)

debian: debian/libarchive < libarchive 3.0.4-3 (bookworm)
Debian: libarchive/libarchive < 3.0.4-3+3
Ubuntu: libarchive/libarchive < 3.1.2-7ubuntu2.1
NVD: opensuse/opensuse 13.1, 13.2+1

Also affects: Freebsd 9.3, Fedora 17, 18, Ubuntu Linux 12.04, 14.04, 14.10

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-c9hm-r59j-h433: Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip (2022-05-05)
OSV: libarchive vulnerabilities (2015-03-25)
OSV: CVE-2013-0211: Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip (2013-09-30)

📋 Vendor Advisories (4)

BSD: FreeBSD-SA-16:23.libarchive: Buffer overflow in libarchive(3) (2016-05-31)
Ubuntu: libarchive vulnerabilities (2015-03-25)
Red Hat: libarchive: read buffer overflow on 64-bit systems (2013-03-25)
Debian: CVE-2013-0211: libarchive - Integer signedness error in the archive_write_zip_data function in archive_write... (2013)

💬 Community (6)

Bugzilla: CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems [epel-5] (2013-03-25)
Bugzilla: CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems [fedora-all] (2013-03-25)
Bugzilla: CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems [fedora-all] (2013-03-25)
Bugzilla: CVE-2012-6115 rhev: rhevm-manage-domains logs admin passwords (2013-01-30)
Bugzilla: CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems (2013-01-22)