CVE-2016-4809

The archivereadformatcpioreadheader function in archivereadsupportformat_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

References

Affected packages

Git / github.com/libarchive/libarchive

Affected ranges

Type

GIT

Repo

https://github.com/libarchive/libarchive

Events

Introduced

Last affected

167e97be1d35c1e0947d768adbf94712244aad6b

Fixed

fd7e0c02

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.0"
        }
    ]
}

Affected versions

v3.*

v3.0.0a

v3.0.1b

v3.1.900a

v3.2.0

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4809.json"