CVE-2016-5418
Severity
7.5 HIGH
EPSS
5.2%
top 10.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 21
Latest update: May 13
Description
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 9 packages
Also affects: Enterprise Linux 7.2
Patches
Vulnerability Details: 4
Vendor Advisories: 3
Community: 4
Bugzilla: CVE-2016-5418 libarchive3: libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite [epel-6] (2016-09-12)
Bugzilla: CVE-2016-5418 libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite [epel-5] (2016-09-12)
Bugzilla: CVE-2016-5418 libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite [fedora-all] (2016-09-12)
Bugzilla: CVE-2016-5418 libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite (2016-08-02)