Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Fri, 17 Jun 2016 15:35:19 -0400 (EDT)
Subject: Re: Many invalid memory access issues in libarchive

> libarchive version 3.2.0 (released on April 30th) fixed a large number
> of memory access bugs that I reported to them a while ago.

> Unclear invalid memory read in CPIO parser

>> hit end-of-file when trying to read a cpio header

Use CVE-2015-8915.

> Null pointer access in RAR parser

Use CVE-2015-8916.

There is not a second ID for the "it assumes this is a multivolume
archive" discussion in the

> Null pointer access in CAB parser

>> The real problem though is that the filename in the cabinet is set to
>> 0x97. This single character is not a valid utf8 character and
>> therefore the conversion fails.

Use CVE-2015-8917.

> Overlapping memcpy in CAB parser

Use CVE-2015-8918.

> Heap out of bounds read in LHA/LZH parser

Use CVE-2015-8919.

> Stack out of bounds read in ar parser

Use CVE-2015-8920.

> Global out of bounds read in mtree parser

Use CVE-2015-8921.

> Null pointer access in 7z parser

Use CVE-2015-8922.

> Unclear crashes in ZIP parser

>> Issue here was reading a size field as a signed number
>> and then using that as an offset.

Use CVE-2015-8923.

> Heap out of bounds read in TAR parser

Use CVE-2015-8924.

> Unclear invalid memory read in mtree parser

>> Fix escaped newline parsing

Use CVE-2015-8925.

> Null pointer access in RAR parser

Use CVE-2015-8926.

> Heap out of bounds read when reading password for malformed ZIP

Use CVE-2015-8927.

> Heap out of bounds read in mtree parser

Use CVE-2015-8928.

> I also reported a couple of lower severity issues (leaks, hangs,
> undefined behavior issues):

> Memory leak in TAR parser

Use CVE-2015-8929.

> Endless loop in ISO parser

Use CVE-2015-8930.

> Undefined behavior / signed integer overflow in mtree parser

>> We run on a lot of platforms that don't use glibc

Use CVE-2015-8931.

> Use after free in test suite

This does not have a CVE ID. The vendor response was "Looks like this
is just a bug in the test. The test runs a set of checks twice but
doesn't correctly reset in between." The code change is in the
libarchive/test/test_archive_read_add_passphrase.c file.

> Undefined behavior / invalid shiftleft in TAR parser

Use CVE-2015-8932.

> Undefined behavior / signed integer overflow in TAR parser

Use CVE-2015-8933.

> Unfortunately one out of bounds heap read bug in the RAR parser (sample
> file) remained unfixed. I hope a fix will find its way into the next
> version.


Use CVE-2015-8934.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at ]
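The ZIP item above (CVE-2015-8923) describes a length field read as a signed number and then used as an offset. The following is an added illustration of that defect class, not libarchive code and not part of the original message: it uses a made-up record format (4-byte little-endian length followed by payload), a deliberately naive `next_record_unsafe` that reproduces the signed read without dereferencing anything, and a hardened `next_record_safe` that reads the field unsigned and checks it against the bytes actually remaining. All names, the record format and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a 32-bit little-endian field as an unsigned value. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical record format (constructed for this example, not ZIP):
 * a 4-byte little-endian length followed by that many payload bytes. */
#define REC_HDR_LEN 4

/* Models the defect: the length is treated as signed and added to the
 * current offset without a bounds check. A length >= 0x80000000 becomes
 * negative (implementation-defined conversion on two's-complement targets),
 * so the computed "next record" lands before the start of the buffer.
 * Returns the would-be offset only; nothing is dereferenced. */
long next_record_unsafe(const uint8_t *buf, size_t off)
{
    int32_t size = (int32_t)read_le32(buf + off);   /* signed read */
    return (long)off + REC_HDR_LEN + size;           /* may go negative */
}

/* Hardened version: unsigned length, and the remaining-bytes check is
 * arranged so that no intermediate value can overflow or wrap.
 * Returns 1 and stores the next offset on success, 0 on a malformed record. */
int next_record_safe(const uint8_t *buf, size_t len, size_t off, size_t *next)
{
    if (off > len || len - off < REC_HDR_LEN)
        return 0;                       /* header itself does not fit */
    uint32_t size = read_le32(buf + off);
    size_t remaining = len - off - REC_HDR_LEN;
    if (size > remaining)
        return 0;                       /* payload would run past the buffer */
    *next = off + REC_HDR_LEN + size;
    return 1;
}

/* Constructed sample: record 0 carries "abc"; record 1 claims 0xFFFFFFF0
 * bytes, which a signed reader sees as -16. */
static const uint8_t sample[] = {
    0x03, 0x00, 0x00, 0x00, 'a', 'b', 'c',
    0xF0, 0xFF, 0xFF, 0xFF,
};

int main(void)
{
    size_t next = 0;
    if (next_record_safe(sample, sizeof sample, 0, &next))
        printf("record 0 ok, next record at offset %zu\n", next);
    if (!next_record_safe(sample, sizeof sample, next, &next))
        printf("record 1 rejected: length exceeds remaining input\n");
    printf("naive parser would seek to offset %ld\n",
           next_record_unsafe(sample, 7));
    return 0;
}
```

The point of the hardened version is the order of checks: the header length is verified before the field is read, the field is kept unsigned, and the comparison is made against `remaining` rather than computing `off + size` first, so the check itself cannot be defeated by wraparound.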