Vulnerability Details: CVE-2016-4300
Potential exploit
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2016-4300
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-4300
2.39%
Probability of exploitation activity in the next 30 days
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-4300
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2016-4300
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-4300
- https://github.com/libarchive/libarchive/issues/718
  TALOS-CAN-152 · Issue #718 · libarchive/libarchive · GitHub (Issue Tracking; Patch; Third Party Advisory)
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00062&languageid=en-fr
  INTEL-SA-00062
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
  Oracle Solaris Bulletin - July 2016
- http://www.debian.org/security/2016/dsa-3657
  Debian -- Security Information -- DSA-3657-1 libarchive
- http://www.securityfocus.com/bid/91326
  libarchive CVE-2016-4300 Heap Buffer Overflow Vulnerability (Third Party Advisory; VDB Entry)
- http://rhn.redhat.com/errata/RHSA-2016-1844.html
  RHSA-2016:1844 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://security.gentoo.org/glsa/201701-03
  libarchive: Multiple vulnerabilities (GLSA 201701-03) — Gentoo security
- https://bugzilla.redhat.com/show_bug.cgi?id=1348439
  1348439 – (CVE-2016-4300) CVE-2016-4300 libarchive: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (Issue Tracking)
- https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573
  Issue #718: Fix TALOS-CAN-152 · libarchive/libarchive@e79ef30 · GitHub (Issue Tracking; Patch; Third Party Advisory)
- http://www.talosintel.com/reports/TALOS-2016-0152/
  TALOS-2016-0152 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence (Exploit; Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
  Oracle Linux Bulletin - July 2016
- http://blog.talosintel.com/2016/06/the-poisoned-archives.html
  Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: The Poisoned Archives (Exploit; Third Party Advisory)