CVE-2017-5601

An error in the lhareadfileheader1() function (archivereadsupportformatlha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.

References

Affected packages

Git / github.com/libarchive/libarchive

Affected ranges

Type: GIT
Repo: https://github.com/libarchive/libarchive
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

98dcbbf0bf4854bf987557e55e55fff7abbf3ea9

Affected versions

v2.*

v2.6.0

v2.6.1

v2.6.2

v2.7.0

v2.7.1

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v3.*

v3.0.0a

v3.0.1b

v3.0.2

v3.0.3

v3.0.4

v3.1.0

v3.1.1

v3.1.2

v3.1.900a

v3.1.901a

v3.2.0

v3.2.1

v3.2.2

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9",
        "target": {
            "file": "libarchive/archive_read_support_format_lha.c",
            "function": "lha_read_file_header_1"
        },
        "id": "CVE-2017-5601-0c9a258d",
        "digest": {
            "function_hash": "336704226165769747464089933487872960037",
            "length": 1651.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9",
        "target": {
            "file": "libarchive/archive_read_support_format_lha.c"
        },
        "id": "CVE-2017-5601-864d99df",
        "digest": {
            "line_hashes": [
                "154933373695779527317611311915132494466",
                "42771799760974896591912558998750698051",
                "84107349244644041201078345399127083101"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "deprecated": false
    }
]