985832 – (CVE-2016-4300) VUL-0: CVE-2016-4300: bsdtar,libarchive: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo

Bug 985832 (CVE-2016-4300) - VUL-0: CVE-2016-4300: bsdtar,libarchive: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo

Summary: VUL-0: CVE-2016-4300: bsdtar,libarchive: Heap buffer overflow vulnerability i...

Status:	RESOLVED FIXED

Alias:	CVE-2016-4300

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/170370/
Whiteboard:	CVSSv2:SUSE:CVE-2016-4300:6.8:(AV:N/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-06-21 09:41 UTC by Marcus Meissner
Modified:	2020-04-23 15:40 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2016-06-21 09:41:10 UTC

http://www.talosintel.com/reports/TALOS-2016-0152/

TALOS-2016-0152
Libarchive 7zip read_SubStreamsInfo Code Execution Vulnerability
June 19, 2016
Report ID

CVE-2016-4300
Summary

An exploitable \heap overflow vulnerability exists in the 7zip read_SubStreamsInfo functionality of libarchive. A specially crafted 7zip file can cause a integer overflow resulting in memory corruption that can lead to code execution. An attacker can send a malformed file to trigger this vulnerability.
Tested Versions

libarchive 3.1.2
Product URLs

https://github.com/libarchive/libarchive
CVSSv3 Score

7.8 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

...

Comment 1 Marcus Meissner 2016-06-21 09:41:35 UTC

(no reproducer attached)

Fix commit:

https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573

Comment 2 Swamp Workflow Management 2016-06-21 22:00:27 UTC

bugbot adjusting priority

Comment 3 Swamp Workflow Management 2016-07-29 12:12:22 UTC

SUSE-SU-2016:1909-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 984990,985609,985665,985669,985673,985675,985679,985682,985685,985688,985689,985697,985698,985700,985703,985704,985706,985826,985832,985835
CVE References: CVE-2015-8918,CVE-2015-8919,CVE-2015-8920,CVE-2015-8921,CVE-2015-8922,CVE-2015-8923,CVE-2015-8924,CVE-2015-8925,CVE-2015-8926,CVE-2015-8928,CVE-2015-8929,CVE-2015-8930,CVE-2015-8931,CVE-2015-8932,CVE-2015-8933,CVE-2015-8934,CVE-2016-4300,CVE-2016-4301,CVE-2016-4302,CVE-2016-4809
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libarchive-3.1.2-22.1
SUSE Linux Enterprise Server 12-SP1 (src):    libarchive-3.1.2-22.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libarchive-3.1.2-22.1

Comment 4 Swamp Workflow Management 2016-08-11 15:16:43 UTC

openSUSE-SU-2016:2036-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 984990,985609,985665,985669,985673,985675,985679,985682,985685,985688,985689,985697,985698,985700,985703,985704,985706,985826,985832,985835
CVE References: CVE-2015-8918,CVE-2015-8919,CVE-2015-8920,CVE-2015-8921,CVE-2015-8922,CVE-2015-8923,CVE-2015-8924,CVE-2015-8925,CVE-2015-8926,CVE-2015-8928,CVE-2015-8929,CVE-2015-8930,CVE-2015-8931,CVE-2015-8932,CVE-2015-8933,CVE-2015-8934,CVE-2016-4300,CVE-2016-4301,CVE-2016-4302,CVE-2016-4809
Sources used:
openSUSE Leap 42.1 (src):    libarchive-3.1.2-13.2

Comment 5 Adrian Schröter 2018-10-10 13:26:37 UTC

is done

Comment 8 Alexandros Toptsoglou 2020-04-23 15:40:30 UTC

Done