#VU33065 Heap-based buffer overflow in libarchive - CVE-2016-1541

Cybersecurity Help s.r.o.

Published: 2016-05-07 | Updated: 2020-08-03

Vulnerability identifier: #VU33065

Vulnerability risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-1541

CWE-ID: CWE-122

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libarchive
Client/Desktop applications / Software for archiving

Vendor: libarchive

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0. A remote attacker can use crafted entry-size values in a ZIP archive. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Update to version 3.2.0.

Vulnerable software versions

libarchive: 3.0.0 - 3.1.901

External links
https://lists.opensuse.org/opensuse-updates/2016-06/msg00003.html
https://lists.opensuse.org/opensuse-updates/2016-06/msg00090.html
https://rhn.redhat.com/errata/RHSA-2016-1844.html
https://www.debian.org/security/2016/dsa-3574
https://www.kb.cert.org/vuls/id/862384
https://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
https://www.securityfocus.com/bid/89355
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.352685
https://www.ubuntu.com/usn/USN-2981-1
https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
https://github.com/libarchive/libarchive/issues/656
https://security.gentoo.org/glsa/201701-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Heap-based buffer overflow in libarchive (Alpine package)

Slackware Linux update for libarchive

Fedora 22 update for libarchive

Fedora 23 update for libarchive

Fedora 24 update for libarchive

Heap-based buffer overflow in libarchive