#VU33272 Out-of-bounds read in libarchive - CVE-2015-8934
Vulnerability identifier: #VU33272
Vulnerability risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2015-8934
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
libarchive
Client/Desktop applications /
Software for archiving
Vendor: libarchive
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary error in the copy_from_lzss_window function in archive_read_support_format_rar.c. A remote attacker can create a crafted rar file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
Mitigation
Update to version 3.2.1.
Vulnerable software versions
libarchive: 3.0.0 - 3.2.0
External links
https://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html
https://rhn.redhat.com/errata/RHSA-2016-1844.html
https://www.debian.org/security/2016/dsa-3657
https://www.openwall.com/lists/oss-security/2016/06/17/2
https://www.openwall.com/lists/oss-security/2016/06/17/5
https://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
https://www.securityfocus.com/bid/91409
https://www.ubuntu.com/usn/USN-3033-1
https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
https://github.com/libarchive/libarchive/issues/521
https://security.gentoo.org/glsa/201701-03
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
