CVE-2016-4301 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libarchive

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow8 documents7 sources

Severity

7.8HIGHNVD

EPSS

1.4%

top 19.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libarchive Debian Libarchive

Timeline

PublishedSep 21

Latest updateMay 17

Description

Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/libarchive< libarchive 3.2.1-1 (bookworm)

▶Debianlibarchive/libarchive< 3.2.1-1+3

▶NVDlibarchive/libarchive3.2.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-r3m8-9hr7-7xwr: Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree↗2022-05-17

▶

OSV

CVE-2016-4301: Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree↗2016-09-21

▶

📋Vendor Advisories

Red Hat

libarchive: Stack buffer overflow in the mtree parse_device↗2016-06-19

▶

Debian

CVE-2016-4301: libarchive - Stack-based buffer overflow in the parse_device function in archive_read_support...↗2016

▶

🕵️Threat Intelligence

Talos

The Poisoned Archives↗2016-06-21

▶

Talos

The Poisoned Archives↗2016-06-21

▶

💬Community

Bugzilla

CVE-2016-4301 libarchive: Stack buffer overflow in the mtree parse_device↗2016-06-21

▶