Debian update for libarchive
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000880 |
| CWE-ID | CWE-476 CWE-125 CWE-193 CWE-415 CWE-416 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Debian Linux Operating systems & Components / Operating system |
| Vendor | Debian |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU15950
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10209
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in archive_string.c in libarchive allows remote attackers to trigger NULL pointer dereference and application crash via a specially crafted archive file.
MitigationUpdate the affected package to version: 3.2.2-2+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4360
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer over-read
EUVDB-ID: #VU15951
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10349
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the archive_le32dec function in archive_endian.h in libarchive. A remote attacker can trigger heap-based buffer over-read and application crash via a specially crafted file.
MitigationUpdate the affected package to version: 3.2.2-2+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4360
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer over-read
EUVDB-ID: #VU15953
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10350
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2. A remote attacker can trigger heap-based buffer over-read and application crash via a specially crafted file.
MitigationUpdate the affected package to version: 3.2.2-2+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4360
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer over-read
EUVDB-ID: #VU15952
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-14166
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in libarchive 3.3.2. A remote attacker can trigger xml_data heap-based buffer over-read and application crash via a specially crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
MitigationUpdate the affected package to version: 3.2.2-2+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4360
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU15818
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-14501
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to out-of-bounds read condition in the parse_file_info function, as defined in the archive_read_support_format_iso9660.c source code file when extracting ISO 9660 files. A remote attacker can trick the victim into extracting an ISO 9660 file that submits malicious input and cause the service to crash.
MitigationUpdate the affected package to version: 3.2.2-2+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4360
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Off-by-one
EUVDB-ID: #VU15954
Risk: Low
CVSSv4.0: 0 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-14502
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to off-by-one error for UTF-16 names in RAR archives. A remote attacker can trigger an out-of-bounds read in archive_read_format_rar_read_header and cause the service to crash.
MitigationUpdate the affected package to version: 3.2.2-2+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4360
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU15955
Risk: Low
CVSSv4.0: 0 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-14503
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive. A remote attacker can trigger an out-of-bounds read, related to lha_crc16 and cause the service to crash.
Update the affected package to version: 3.2.2-2+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4360
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Double-free error
EUVDB-ID: #VU16726
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1000877
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to double-free error in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0. A remote attacker can trick the victim into opening a specially crafted RAR archive and cause the service to crash.
MitigationUpdate the affected package to version: 3.2.2-2+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4360
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free error
EUVDB-ID: #VU16727
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1000878
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to use-after-free error in RAR decoder - libarchive/archive_read_support_format_rar.c. A remote attacker can trick the victim into opening a specially crafted RAR archive and cause the service to crash.
MitigationUpdate the affected package to version: 3.2.2-2+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4360
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper input validation
EUVDB-ID: #VU16729
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1000880
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to insufficient validation of user-supplied input in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. A remote attacker can trick the victim into opening a specially crafted RAR archive and cause the service to crash.
MitigationUpdate the affected package to version: 3.2.2-2+deb9u1
Vulnerable software versionsDebian Linux: All versions
CPE2.3 External linkshttps://www.debian.org/security/2018/dsa-4360
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
