The archivewstringappendfrommbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.
{ "binaries": [ { "binary_name": "bsdcpio", "binary_version": "3.1.2-7ubuntu2.6" }, { "binary_name": "bsdcpio-dbgsym", "binary_version": "3.1.2-7ubuntu2.6" }, { "binary_name": "bsdtar", "binary_version": "3.1.2-7ubuntu2.6" }, { "binary_name": "bsdtar-dbgsym", "binary_version": "3.1.2-7ubuntu2.6" }, { "binary_name": "libarchive-dev", "binary_version": "3.1.2-7ubuntu2.6" }, { "binary_name": "libarchive13", "binary_version": "3.1.2-7ubuntu2.6" }, { "binary_name": "libarchive13-dbgsym", "binary_version": "3.1.2-7ubuntu2.6" } ], "availability": "No subscription required", "ubuntu_priority": "low" }
{ "binaries": [ { "binary_name": "bsdcpio", "binary_version": "3.1.2-11ubuntu0.16.04.4" }, { "binary_name": "bsdcpio-dbgsym", "binary_version": "3.1.2-11ubuntu0.16.04.4" }, { "binary_name": "bsdtar", "binary_version": "3.1.2-11ubuntu0.16.04.4" }, { "binary_name": "bsdtar-dbgsym", "binary_version": "3.1.2-11ubuntu0.16.04.4" }, { "binary_name": "libarchive-dev", "binary_version": "3.1.2-11ubuntu0.16.04.4" }, { "binary_name": "libarchive13", "binary_version": "3.1.2-11ubuntu0.16.04.4" }, { "binary_name": "libarchive13-dbgsym", "binary_version": "3.1.2-11ubuntu0.16.04.4" } ], "availability": "No subscription required", "ubuntu_priority": "low" }
{ "binaries": [ { "binary_name": "bsdcpio", "binary_version": "3.2.2-3.1" }, { "binary_name": "bsdtar", "binary_version": "3.2.2-3.1" }, { "binary_name": "libarchive-dev", "binary_version": "3.2.2-3.1" }, { "binary_name": "libarchive-tools", "binary_version": "3.2.2-3.1" }, { "binary_name": "libarchive-tools-dbgsym", "binary_version": "3.2.2-3.1" }, { "binary_name": "libarchive13", "binary_version": "3.2.2-3.1" }, { "binary_name": "libarchive13-dbgsym", "binary_version": "3.2.2-3.1" } ], "availability": "No subscription required", "ubuntu_priority": "low" }