CVE-2016-5418
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-5418
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5418.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-5418
- Downstream
- Related
- Published
- 2016-09-21T14:25:13Z
- Modified
- 2025-10-15T08:14:09.853690Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
- References
-
- http://rhn.redhat.com/errata/RHSA-2016-1844.html
- http://rhn.redhat.com/errata/RHSA-2016-1850.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- https://access.redhat.com/errata/RHSA-2016:1852
- https://access.redhat.com/errata/RHSA-2016:1853
- https://bugzilla.redhat.com/show_bug.cgi?id=1362601
- https://security.gentoo.org/glsa/201701-03
- http://www.openwall.com/lists/oss-security/2016/08/09/2
- https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
- https://github.com/libarchive/libarchive/issues/746
- https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
- http://www.securityfocus.com/bid/93165
Affected packages
Git / github.com/libarchive/libarchive
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libarchive/libarchive
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v2.*
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.7.1
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v3.*
v3.0.0a
v3.0.1b
v3.0.2
v3.0.3
v3.0.4
v3.1.0
v3.1.1
v3.1.2
v3.1.900a
v3.1.901a
v3.2.0
v3.2.1
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"id": "CVE-2016-5418-5bb6b383",
"source": "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9",
"signature_version": "v1",
"target": {
"function": "check_symlinks",
"file": "libarchive/archive_write_disk_posix.c"
},
"digest": {
"function_hash": "25284512311429752469119198112718602293",
"length": 1681.0
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2016-5418-7936b676",
"source": "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9",
"signature_version": "v1",
"target": {
"function": "create_filesystem_object",
"file": "libarchive/archive_write_disk_posix.c"
},
"digest": {
"function_hash": "130234484925222578468267233966496883923",
"length": 1977.0
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2016-5418-ba208d87",
"source": "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9",
"signature_version": "v1",
"target": {
"function": "cleanup_pathname",
"file": "libarchive/archive_write_disk_posix.c"
},
"digest": {
"function_hash": "263054498409401580343171565218446948613",
"length": 1253.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2016-5418-d0a20edf",
"source": "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9",
"signature_version": "v1",
"target": {
"file": "libarchive/archive_write_disk_posix.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"190206572353690564800737457059074909690",
"333886323767239975017659591577974023986",
"151246976990258330282929545376192248686",
"31684839201233356778511575122700002388",
"59598655250163552478241880268812022042",
"116655895245580142275230854549999803770",
"266357259461129281121677915044558170643",
"150462395635881583456151365869747567021",
"196379267181142031232064856803415559366",
"273991644002796952617823937632932107033",
"169724168014910402221470608821139490997",
"89013132374024616024674214243065450775",
"168893734858601583727209562115963765135",
"255205339901642614883064222586591467835",
"68052966164480842458072798510571816334",
"313822644588318235686540197373289898329",
"322494358805967167580883738117833134356",
"121432841308270433270267718438526209982",
"59860847185835609419913221427428926438",
"85525277528314277177264334452730817422",
"327834019928810516374311494699193591343",
"43437331663116280432800292061698980530",
"131930902262041094250118965548481206745",
"124398369852807242759103770316072865961",
"262339082800394503502646021227910118444",
"105294966562697043463143471421227475172",
"101721323727983759668063679667398328986",
"219711387753235482160729007218138362814",
"168317222768343290469106039428081301046",
"155791673604743824861098406713598487149",
"55691862313408706233716473780627290337",
"66926677846245810171600517025977540787",
"113088158683992383468339766639243558571",
"2280402286620390158814565947882603155",
"32856162204791123423963149791232703511",
"330742923737762262463106583978599759845",
"27837625346576789092075766785701914770",
"84504182580192447820578231404853792876",
"254792199900220072779710202207532751440",
"2661527101482166420945618633036258911",
"52910390179313294058012517238509592977",
"229224198494712150663031753961147036763",
"248299553802927596459600824790878813557",
"37575356012129687735068460216198550498",
"192316726282563909534312133292910354039",
"210171892429725954917286889636767189989",
"238602682081214502609011788503301384597",
"266579775507422043742632986998434228064",
"30676929673675020142236864366100438105",
"278412907377950651556441098483097767897",
"203064820391140239767228455973777183566",
"258550461203938728014602020199004775851",
"239244592534198239076440907895670456531",
"140980124238531902554754563530535532357",
"46212421566699672535046865083721564775",
"160155539522584502740925061083655522605",
"239618271269461787867667148495950514013",
"118570772440755116389151230619376215517",
"278420671762538153743769595951620060323",
"17463365700611020245304035345200971918",
"65156963924766736837737656326778552384",
"203141076987397950760558273958697343156",
"19254543976186409537088928594228155",
"22325265058561671176603388944270140054",
"175120648656823904175363946412859794484",
"196722686017933552402221245711364731550",
"91152647902791137812480066486601296566",
"255284592402442950672536244514636042950",
"15521269920264430172129292513264241779",
"24039599725094067680799031777046115111",
"3840509952896832891951590470566324279",
"300314397886306032645559215711836548922",
"291455882274161258302195054549528903980",
"118570772440755116389151230619376215517",
"278420671762538153743769595951620060323",
"130275062764189015665776420233768452558",
"214679475945783144384329932073685275608",
"63310318583577217156199270847555608991",
"208552885647430235538140088970777736753",
"59619835515689820022482605742032271347",
"311575940004050086496822741803437976451",
"118570772440755116389151230619376215517",
"54581245389101132038514681259994066061",
"200690291104529320959022699999933812636",
"114007684141974173266289920102244282666",
"10159235735277635228211175791350401068",
"337326331899866860380152308217596736976",
"164115778117940318375774816915458423156",
"136597216614052719252183156644197481271",
"56148419418183756228130239133223857047",
"14685609284537847378521832133318772178",
"36253573925167690287632087724561036479",
"317555517931848267341902474037402553908",
"45967908354142598092700816725344796510",
"87406568654356509539910461847447583334",
"322156342782438163178989392238490553947",
"318378191524114391539059970770628336209",
"103428810569491627564015798178765747655",
"219887082531557348457016267153000348004",
"205400009913339396295496348564029549889",
"67997975311043446710551504383754228980",
"319094703561955165557250869926788970567",
"176655564285468449252874678728747489551",
"84623044429151547413855862024407808774",
"34634872144206080600969021071786234951",
"316692675977161761141277592229196529004",
"77975226736880983838204078849441207341",
"301092945658730759451801156693050694953",
"289287118850954575093350358456464719396",
"135700563659566908062577371694999034210",
"228463554026837862577530958731945107227",
"114644332002493119085257434700836543769",
"278709568012594820002845957190345116755",
"96368584293696621676861818527056203866",
"324836973839093429136018284411908067080",
"9638709709591297877944182410410140698",
"177133082315817065067834189205353505517",
"113521354855502542973432900576896280321",
"227508550298800452115328215169163226022",
"196988912503589452148102725788346236889",
"190122687890011268631765083838152906826",
"241129502923311926031250406506498833394",
"88202937797093421168446875033111277584",
"68193889055266469813764250510620722883",
"299866789763217003780804658059929908296",
"227345580714172712143277594017367725645"
]
},
"deprecated": false
}
]