CVE-2016-1541
Published 2016-05-07
CVE-2016-1541: Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to…
Priority P353 · high · 8.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 10.32% (95.1th percentile)
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libarchive | < libarchive 3.1.2-11.1 (bookworm) | libarchive 3.1.2-11.1 (bookworm) |
| libarchive | libarchive | <= 3.1.901a | — |
| libarchive | libarchive | >= 0 < 3.1.2-11.1 | 3.1.2-11.1 |
| libarchive | libarchive | >= 0 < 3.1.2-11.1 | 3.1.2-11.1 |
| libarchive | libarchive | >= 0 < 3.1.2-11.1 | 3.1.2-11.1 |
| libarchive | libarchive | >= 0 < 3.1.2-11.1 | 3.1.2-11.1 |
| libarchive | libarchive | >= 0 < 3.1.2-7ubuntu2.2 | 3.1.2-7ubuntu2.2 |
| libarchive | libarchive | >= 0 < 3.1.2-11ubuntu0.16.04.1 | 3.1.2-11ubuntu0.16.04.1 |
CVSS provenance
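| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.0) | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd (v2.0) | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | 8.8 | HIGH | |
| vendor_debian | 8.8 | HIGH | |
| vendor_redhat | 8.8 | HIGH | |
| vendor_ubuntu | 8.8 | HIGH | |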
Ubuntu
libarchive vulnerabilities
vendor_ubuntu·2016-05-17·CVSS 8.8
CVE-2016-1541 [HIGH] libarchive vulnerabilities
Title: libarchive vulnerabilities
Summary: libarchive could be made to crash or run programs if it opened a specially
crafted file.
It was discovered that libarchive incorrectly handled certain entry-size
values in ZIP archives. A remote attacker could use this issue to cause
libarchive to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10
and Ubuntu 16.04 LTS. (CVE-2016-1541)
It was discovered that libarchive incorrectly handled memory when
processing certain tar files. A remote attacker could use this issue to
cause libarchive to crash, resulting in a denial of service. (CVE number
pending)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libarchive: zip_read_mac_metadata() heap-based buffer overflow
vendor_redhat·2016-05-02·CVSS 8.8
CVE-2016-1541 [HIGH] CWE-122 libarchive: zip_read_mac_metadata() heap-based buffer overflow
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
A vulnerability was found in libarchive. A specially crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the application.
Package: libarchive (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2016-1541: libarchive - Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read...
vendor_debian·2016·CVSS 8.8
CVE-2016-1541 [HIGH] CVE-2016-1541: libarchive - Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read...
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
Scope: local
bookworm: resolved (fixed in 3.1.2-11.1)
bullseye: resolved (fixed in 3.1.2-11.1)
forky: resolved (fixed in 3.1.2-11.1)
sid: resolved (fixed in 3.1.2-11.1)
trixie: resolved (fixed in 3.1.2-11.1)
GHSA
GHSA-w2vf-7r3f-2gg2: Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip
ghsa_unreviewed·2022-05-14
CVE-2016-1541 [HIGH] CWE-20 GHSA-w2vf-7r3f-2gg2: Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
OSV
libarchive vulnerabilities
osv·2016-05-17·CVSS 8.8
CVE-2016-1541 [HIGH] libarchive vulnerabilities
It was discovered that libarchive incorrectly handled certain entry-size
values in ZIP archives. A remote attacker could use this issue to cause
libarchive to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10
and Ubuntu 16.04 LTS. (CVE-2016-1541)
It was discovered that libarchive incorrectly handled memory when
processing certain tar files. A remote attacker could use this issue to
cause libarchive to crash, resulting in a denial of service. (CVE number
pending)
OSV
CVE-2016-1541: Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip
osv·2016-05-07·CVSS 8.8
CVE-2016-1541 [HIGH] CVE-2016-1541: Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-1541 libarchive: heap-based buffer overflow due to improper input validation [epel-5]
bugzilla·2016-05-12·CVSS 8.8
CVE-2016-1541 [HIGH] CVE-2016-1541 libarchive: heap-based buffer overflow due to improper input validation [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add
Bugzilla
CVE-2016-1541 libarchive: heap-based buffer overflow due to improper input validation [fedora-all]
bugzilla·2016-05-09·CVSS 8.8
CVE-2016-1541 [HIGH] CVE-2016-1541 libarchive: heap-based buffer overflow due to improper input validation [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple s
Bugzilla
CVE-2016-1541 libarchive: heap-based buffer overflow due to improper input validation [epel-6]
bugzilla·2016-05-09·CVSS 8.8
CVE-2016-1541 [HIGH] CVE-2016-1541 libarchive: heap-based buffer overflow due to improper input validation [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add
Bugzilla
CVE-2016-1541 libarchive: zip_read_mac_metadata() heap-based buffer overflow
bugzilla·2016-05-09·CVSS 8.8
CVE-2016-1541 [HIGH] CVE-2016-1541 libarchive: zip_read_mac_metadata() heap-based buffer overflow
A vulnerability was found in libarchive. A crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the current user. The user must be coerced into unzipping the crafted zip file.
External references:
http://www.kb.cert.org/vuls/id/862384
Upstream fix:
https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
Discussion:
Created libarchive tracking bugs for this issue:
Affects: fedora-all [bug 1334213]
Affects: epel-6 [bug 1334214]
---
Created libarchive tracking bugs for this issue:
Affects: epel-5 [bug 1335466]
---
Cisco Talos advisory for this issue:
http://www.talosint
arXiv
Summoning Demons: The Pursuit of Exploitable Bugs in Machine Learning
arxiv_fulltext·2017-01-17
Rock Stevens
Octavian Suciu
Andrew Ruef
Sanghyun Hong
Michael Hicks
Tudor Dumitras
University of Maryland, College Park
## Abstract
Governments and businesses increasingly rely on data analytics and machine learning (ML) for improving their competitive edge in areas such as consumer satisfaction, threat intelligence, decision making, and product efficiency.
However, by cleverly corrupting a subset of data used as input to a target's ML algorithms, an adversary can perturb outcomes and compromise the effectiveness of ML technology.
While prior work in the field of adversarial
machine learning has studied the impact of input
manipulation on correct ML algorithm
http://lists.opensuse.org/opensuse-updates/2016-06/msg00003.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00090.html
http://rhn.redhat.com/errata/RHSA-2016-1844.html
http://www.debian.org/security/2016/dsa-3574
http://www.kb.cert.org/vuls/id/862384
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.securityfocus.com/bid/89355
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.352685
http://www.ubuntu.com/usn/USN-2981-1
https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
https://github.com/libarchive/libarchive/issues/656
https://security.gentoo.org/glsa/201701-03
Published: 2016-05-07