Heap-based buffer overflow in libarchive - CVE-2016-4300
Published: September 21, 2016 / Updated: July 28, 2020
Vulnerability identifier: #VU32266
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-4300
CWE-ID: CWE-122
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: libarchive
Affected software:
libarchive
libarchive
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1. A remote attacker can use a 7zip file with a large number of substreams to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2016-4300
Update to version 3.2.1.
Sources
- http://blog.talosintel.com/2016/06/the-poisoned-archives.html
- http://rhn.redhat.com/errata/RHSA-2016-1844.html
- http://www.debian.org/security/2016/dsa-3657
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/91326
- http://www.talosintel.com/reports/TALOS-2016-0152/
- https://bugzilla.redhat.com/show_bug.cgi?id=1348439
- https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573
- https://github.com/libarchive/libarchive/issues/718
- https://security.gentoo.org/glsa/201701-03
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00062&languageid=en-fr