985835 – (CVE-2016-4302) VUL-0: CVE-2016-4302: bsdtar,libarchive: Heap buffer overflow in the Rar decompression functionality

Bug 985835 (CVE-2016-4302) - VUL-0: CVE-2016-4302: bsdtar,libarchive: Heap buffer overflow in the Rar decompression functionality

Summary: VUL-0: CVE-2016-4302: bsdtar,libarchive: Heap buffer overflow in the Rar dec...

Status:	RESOLVED FIXED

Alias:	CVE-2016-4302

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/170369/
Whiteboard:	CVSSv2:SUSE:CVE-2016-4302:6.8:(AV:N/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-06-21 09:53 UTC by Marcus Meissner
Modified:	2020-04-23 15:40 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2016-06-21 09:53:08 UTC

http://www.talosintel.com/reports/TALOS-2016-0154/

TALOS-2016-0154
Libarchive Rar RestartModel Code Execution Vulnerability
June 19, 2016
Report ID

CVE-2016-4302
Summary

An exploitable heap overflow vulnerability exists in the Rar decompression functionality of libarchive. A specially crafted Rar file can cause a heap corruption eventually leading to code execution. An attacker can send a malformed file to trigger this vulnerability.
Tested Versions

libarchive git version on date 02.12.2015 Platform : x86/x64
Product URLs

https://github.com/libarchive/libarchive
CVSSv3 Score

7.8 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSSv3 Calculator: https://www.first.org/cvss/calculator/3.0

...

Comment 1 Marcus Meissner 2016-06-21 09:53:52 UTC

no reproducer attached to report.

fix is in commit https://github.com/libarchive/libarchive/commit/05caadc7eedbef471ac9610809ba683f0c698700

Comment 2 Swamp Workflow Management 2016-06-21 22:00:40 UTC

bugbot adjusting priority

Comment 3 Swamp Workflow Management 2016-07-29 12:12:33 UTC

SUSE-SU-2016:1909-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 984990,985609,985665,985669,985673,985675,985679,985682,985685,985688,985689,985697,985698,985700,985703,985704,985706,985826,985832,985835
CVE References: CVE-2015-8918,CVE-2015-8919,CVE-2015-8920,CVE-2015-8921,CVE-2015-8922,CVE-2015-8923,CVE-2015-8924,CVE-2015-8925,CVE-2015-8926,CVE-2015-8928,CVE-2015-8929,CVE-2015-8930,CVE-2015-8931,CVE-2015-8932,CVE-2015-8933,CVE-2015-8934,CVE-2016-4300,CVE-2016-4301,CVE-2016-4302,CVE-2016-4809
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libarchive-3.1.2-22.1
SUSE Linux Enterprise Server 12-SP1 (src):    libarchive-3.1.2-22.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libarchive-3.1.2-22.1

Comment 4 Swamp Workflow Management 2016-08-11 15:16:52 UTC

openSUSE-SU-2016:2036-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 984990,985609,985665,985669,985673,985675,985679,985682,985685,985688,985689,985697,985698,985700,985703,985704,985706,985826,985832,985835
CVE References: CVE-2015-8918,CVE-2015-8919,CVE-2015-8920,CVE-2015-8921,CVE-2015-8922,CVE-2015-8923,CVE-2015-8924,CVE-2015-8925,CVE-2015-8926,CVE-2015-8928,CVE-2015-8929,CVE-2015-8930,CVE-2015-8931,CVE-2015-8932,CVE-2015-8933,CVE-2015-8934,CVE-2016-4300,CVE-2016-4301,CVE-2016-4302,CVE-2016-4809
Sources used:
openSUSE Leap 42.1 (src):    libarchive-3.1.2-13.2

Comment 5 Adrian Schröter 2018-10-10 13:28:28 UTC

is done

Comment 8 Alexandros Toptsoglou 2020-04-23 15:40:49 UTC

Done