oss-sec mailing list archives

Re: CVE request: libarchive (pre 3.2.0) denial of service with gzip quine

From: cve-assign () mitre org
Date: Thu, 8 Sep 2016 13:17:37 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This was fixed in libarchive 3.2.0, but never got a CVE.

Upstream ticket:

https://github.com/libarchive/libarchive/issues/660

Original report:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362


Use CVE-2016-7166.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX0ZzHAAoJEHb/MwWLVhi2eIsP/RiYpHsHUUOkbj4ZwPiaeUri
FdB3DXqHIw7rh8sUFFWiwBuYVhOINLyEwAz9mHU9lqjMLNGvbgcA9++bC6506n6B
qVc8KQtMzOFtanRlC221OBccjFrYquKXmJYMcyPj4L9/0PQhZY7WIXY45kAgad7Y
0ihdIkcfDZoCogVRMU68+Z1tpzKsU/VjHAjRX78vP7DxqSuhOinI3Bs+NIM8UwY8
E/oyutjKbFqLxqe3ggOtXh/MYniWD11RaL4xt2k4wVOgJia01YJ+xDlRvES4iMON
meFsRIGWeRhHSY1sg4WYyONzb7H/HX0QuODsTr6vF7CaDjiwL4145bjhoP9Icb5n
BZEBrtnjjEFwJENwI13lrmQpdV/HL4hFJ20AuYxTPlKvneV2zlZ72s7wxxqsuo5G
kUKH5e48cZ8CG+JKkF0it86wszqA/5RIgH1rOaexMLi3Gc56b52S6GxOqJA79LQZ
P5xSPSgZRxTzblUyqF53fLV1sVKwvGLOgxWPcwbF4IeTH8bNt0w8vuIMnnMplKuS
KYEvoutuNi2E8mmD8xIQ8V96/Oqxth/IO31EQL+GozTOBzH4o8SFi8QodPtfmp/i
9jJEP1xn0tn26t7v8Wz6BS2jCr7SvqOynZXO/Ymichhg5VIFFZd/LTH7LMDx336H
XD+j8qjHOKLO8GPz7O7z
=VcJZ
-----END PGP SIGNATURE-----

Current thread:

CVE request: libarchive (pre 3.2.0) denial of service with gzip quine Doran Moppert (Sep 08)
- Re: CVE request: libarchive (pre 3.2.0) denial of service with gzip quine cve-assign (Sep 08)