CVE-2015-8915Out-of-bounds Read in Libarchive

CWE-125Out-of-bounds Read8 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.4%
top 38.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LibarchiveDebian Libarchive
Timeline
PublishedSep 20
Latest updateMay 14

Description

bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/libarchive< libarchive 3.2.0-2 (bookworm)
Debianlibarchive/libarchive< 3.2.0-2+3
NVDlibarchive/libarchive3.1.901a

🔴Vulnerability Details

2
GHSA
GHSA-c9hw-3xr3-f2qr: bsdcpio in libarchive before 32022-05-14
OSV
CVE-2015-8915: bsdcpio in libarchive before 32016-09-20

📋Vendor Advisories

2
Red Hat
libarchive: crash via malformed cpio archive2015-04-28
Debian
CVE-2015-8915: libarchive - bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of ...2015

💬Community

3
Bugzilla
CVE-2015-8915 libarchive: crash via malformed cpio archive [fedora-all]2015-04-29
Bugzilla
CVE-2015-8915 libarchive: crash via malformed cpio archive2015-04-29
Bugzilla
CVE-2015-8915 libarchive: crash via malformed cpio archive [epel-5]2015-04-29