CVE-2007-3645

archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924
http://osvdb.org/38093
http://osvdb.org/38094
http://people.freebsd.org/~kientzle/libarchive/
http://secunia.com/advisories/26050	Patch Vendor Advisory
http://secunia.com/advisories/26062	Patch Vendor Advisory
http://secunia.com/advisories/26355
http://secunia.com/advisories/28377
http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc	Patch Vendor Advisory
http://security.freebsd.org/patches/SA-07:05/libarchive.patch	Patch
http://security.gentoo.org/glsa/glsa-200708-03.xml
http://www.debian.org/security/2008/dsa-1455
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.securityfocus.com/bid/24885	Patch
http://www.securitytracker.com/id?1018379
http://www.vupen.com/english/advisories/2007/2521
https://exchange.xforce.ibmcloud.com/vulnerabilities/35404

Configurations

Configuration 1 (hide)

cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-07-15 21:30

Updated : 2024-02-28 11:01

NVD link : CVE-2007-3645

Mitre link : CVE-2007-3645

CVE.ORG link : CVE-2007-3645

JSON object : View

Products Affected

freebsd

libarchive

CWE

NVD-CWE-Other

{"id": "CVE-2007-3645", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-07-15T21:30:00.000", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924", "source": "secteam@freebsd.org"}, {"url": "http://osvdb.org/38093", "source": "secteam@freebsd.org"}, {"url": "http://osvdb.org/38094", "source": "secteam@freebsd.org"}, {"url": "http://people.freebsd.org/~kientzle/libarchive/", "source": "secteam@freebsd.org"}, {"url": "http://secunia.com/advisories/26050", "tags": ["Patch", "Vendor Advisory"], "source": "secteam@freebsd.org"}, {"url": "http://secunia.com/advisories/26062", "tags": ["Patch", "Vendor Advisory"], "source": "secteam@freebsd.org"}, {"url": "http://secunia.com/advisories/26355", "source": "secteam@freebsd.org"}, {"url": "http://secunia.com/advisories/28377", "source": "secteam@freebsd.org"}, {"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc", "tags": ["Patch", "Vendor Advisory"], "source": "secteam@freebsd.org"}, {"url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch", "tags": ["Patch"], "source": "secteam@freebsd.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200708-03.xml", "source": "secteam@freebsd.org"}, {"url": "http://www.debian.org/security/2008/dsa-1455", "source": "secteam@freebsd.org"}, {"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html", "source": "secteam@freebsd.org"}, {"url": "http://www.securityfocus.com/bid/24885", "tags": ["Patch"], "source": "secteam@freebsd.org"}, {"url": "http://www.securitytracker.com/id?1018379", "source": "secteam@freebsd.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2521", "source": "secteam@freebsd.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35404", "source": "secteam@freebsd.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644."}, {"lang": "es", "value": "archive_read_support_format_tar.c en libarchive anterior a 2.2.4 permite a atacantes remotos con la complicidad del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante (1) una condici\u00f3n de fin de fichero dentro de una cabecera tar que sigue una cabecera de extensi\u00f3n pax o (2) una cabecera de extensi\u00f3n pax en un archivo (a) PAX o (b) TAR, lo cual resulta en una referencia a un puntero nulo, un asunto diferente que CVE-2007-3644."}], "lastModified": "2017-07-29T01:32:27.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "637AE244-745E-4506-90FA-6092C83CC9BD", "versionEndIncluding": "2.2.3"}], "operator": "OR"}]}], "sourceIdentifier": "secteam@freebsd.org", "evaluatorSolution": "The vendor has released an update addressing this issue: http://people.freebsd.org/~kientzle/libarchive/"}