vulnerability
Oracle Linux: CVE-2015-8932: ELSA-2016-1844: libarchive security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:N/AC:H/Au:S/C:N/I:N/A:P) | 2016-06-17 | 2016-09-12 | 2024-12-18 |
Severity
2
CVSS
(AV:N/AC:H/Au:S/C:N/I:N/A:P)
Published
2016-06-17
Added
2016-09-12
Modified
2024-12-18
Description
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
Undefined behavior (invalid left shift) was discovered in libarchive, in how Compress streams are identified. This could cause certain files to be mistakenly identified as Compress archives and fail to read.
Undefined behavior (invalid left shift) was discovered in libarchive, in how Compress streams are identified. This could cause certain files to be mistakenly identified as Compress archives and fail to read.
Solution(s)
oracle-linux-upgrade-bsdcpiooracle-linux-upgrade-bsdtaroracle-linux-upgrade-libarchiveoracle-linux-upgrade-libarchive-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.