CVE-2015-8926NULL Pointer Dereference in Libarchive

CWE-476NULL Pointer DereferenceCWE-228Improper Handling of Syntactically Invalid StructureCWE-125Out-of-bounds Read9 documents8 sources
Severity
5.5MEDIUMNVD
OSV6.5
EPSS
0.4%
top 38.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LibarchiveCanonical Ubuntu LinuxSuse Linux Enterprise Desktop+2 more
Timeline
PublishedSep 20
Latest updateMay 14

Description

The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

Debianlibarchive/libarchive< 3.2.0-2+3
Ubuntulibarchive/libarchive< 3.1.2-7ubuntu2.3+1
NVDlibarchive/libarchive3.1.901a

Also affects: Ubuntu Linux 12.04, 14.04, 15.10, 16.04

🔴Vulnerability Details

4
GHSA
GHSA-55xq-cfx2-8gpg: The archive_read_format_rar_read_data function in archive_read_support_format_rar2022-05-14
CVEList
CVE-2015-8926: The archive_read_format_rar_read_data function in archive_read_support_format_rar2016-09-20
OSV
CVE-2015-8926: The archive_read_format_rar_read_data function in archive_read_support_format_rar2016-09-20
OSV
libarchive vulnerabilities2016-07-14

📋Vendor Advisories

3
Ubuntu
libarchive vulnerabilities2016-07-14
Red Hat
libarchive: NULL pointer access in RAR parser2016-06-17
Debian
CVE-2015-8926: libarchive - The archive_read_format_rar_read_data function in archive_read_support_format_ra...2015

💬Community

1
Bugzilla
CVE-2015-8926 libarchive: NULL pointer access in RAR parser2016-06-21
CVE-2015-8926 — NULL Pointer Dereference in Libarchive | cvebase