CVE-2016-8687

Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.

References

Affected packages

Git / github.com/libarchive/libarchive

Affected ranges

Type: GIT
Repo: https://github.com/libarchive/libarchive
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e37b620fe8f14535d737e89a4dcabaed4517bf1a

Affected versions

v2.*

v2.6.0

v2.6.1

v2.6.2

v2.7.0

v2.7.1

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v3.*

v3.0.0a

v3.0.1b

v3.0.2

v3.0.3

v3.0.4

v3.1.0

v3.1.1

v3.1.2

v3.1.900a

v3.1.901a

v3.2.0

v3.2.1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "target": {
            "file": "tar/util.c"
        },
        "source": "https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a",
        "digest": {
            "line_hashes": [
                "274947236785517941576769110957933520277",
                "162673665667336708429251698339556414402",
                "30924440026046384237080647977686539477",
                "6762232481255207823455611895071712144"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2016-8687-2b8436e1",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "target": {
            "function": "safe_fprintf",
            "file": "tar/util.c"
        },
        "source": "https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a",
        "digest": {
            "length": 1454.0,
            "function_hash": "306124670893253162293110805501400168732"
        },
        "deprecated": false,
        "id": "CVE-2016-8687-f2b8937e",
        "signature_type": "Function"
    }
]