oss-sec mailing list archives

CVE request: libarchive: Out of bounds read using malformed cpio archive


From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 4 May 2015 07:35:51 +0200

Hi

Could a CVE be assigned for the following issue in libarchive:

Advisory by Paris Zoumpouloglou:
http://seclists.org/fulldisclosure/2015/Apr/102

Upstream bug report (including reproducer for the issue):
https://github.com/libarchive/libarchive/issues/502

Fixing commit:
https://github.com/libarchive/libarchive/commit/e6c9668f3202215ddb71617b41c19b6f05acf008

Additional reference in Red Hat's bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1216891

Regards,
Salvatore

