Required CVE Record Information
Description
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
References 7 Total
- https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
- https://github.com/libarchive/libarchive/issues/506
- lists.opensuse.org: SUSE-SU-2016:1909 vendor-advisory
- openwall.com: [oss-security] 20160617 Many invalid memory access issues in libarchive mailing-list
- security.gentoo.org: GLSA-201701-03 vendor-advisory
- openwall.com: [oss-security] 20160617 Re: Many invalid memory access issues in libarchive mailing-list
- securityfocus.com: 91300 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html x_transferred
- https://github.com/libarchive/libarchive/issues/506 x_transferred
- lists.opensuse.org: SUSE-SU-2016:1909 vendor-advisoryx_transferred
- openwall.com: [oss-security] 20160617 Many invalid memory access issues in libarchive mailing-listx_transferred
- security.gentoo.org: GLSA-201701-03 vendor-advisoryx_transferred
- openwall.com: [oss-security] 20160617 Re: Many invalid memory access issues in libarchive mailing-listx_transferred
- securityfocus.com: 91300 vdb-entryx_transferred