Vulnerability Details : CVE-2015-8930
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2015-8930
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8930
4.42%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8930
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2015-8930
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8930
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html
[security-announce] SUSE-SU-2016:1909-1: important: Security update forThird Party Advisory
-
http://www.debian.org/security/2016/dsa-3657
Debian -- Security Information -- DSA-3657-1 libarchive
-
http://www.securityfocus.com/bid/91339
libarchive CVE-2015-8930 Denial of Service Vulnerability
-
http://rhn.redhat.com/errata/RHSA-2016-1844.html
RHSA-2016:1844 - Security Advisory - Red Hat Customer Portal
-
http://www.openwall.com/lists/oss-security/2016/06/17/2
oss-security - Many invalid memory access issues in libarchiveMailing List;Third Party Advisory
-
https://github.com/libarchive/libarchive/issues/522
Malformed ISO file hangs bsdtar · Issue #522 · libarchive/libarchive · GitHubIssue Tracking;Patch;Third Party Advisory
-
https://security.gentoo.org/glsa/201701-03
libarchive: Multiple vulnerabilities (GLSA 201701-03) — Gentoo security
-
https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
Many invalid memory access issues in libarchive | The Fuzzing ProjectThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3033-1
USN-3033-1: libarchive vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/06/17/5
oss-security - Re: Many invalid memory access issues in libarchiveMailing List;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Oracle Linux Bulletin - July 2016
Jump to