CVE-2016-7166

libarchive/libarchive

on github

Published

September 21, 2016

Severity

CVSS v3:

5.5 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

References

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*	n/a	n/a	7.0
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*	n/a	n/a	7.2
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*	n/a	n/a	7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*	n/a	n/a	7.0
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:::::::*	n/a	n/a	7.0
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*	n/a	n/a	7.2
cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:::::::*	n/a	n/a	7.2
cpe:2.3:a:libarchive:libarchive::::::::	n/a	3.1.901a (including)	*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*	n/a	n/a	6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*	n/a	n/a	6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*	n/a	n/a	6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*	n/a	n/a	6.0
cpe:2.3:o:oracle:linux:6:::::::*	n/a	n/a	6
cpe:2.3:o:oracle:linux:7:::::::*	n/a	n/a	7

External Links

NVD - CVE-2016-7166