rpm package
suse/bsdtar&distro=SUSE Linux Enterprise Point of Sale 11 SP3
pkg:rpm/suse/bsdtar&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-4809 | High | 7.5 | | < 2.5.5-9.1 | 2.5.5-9.1 | Sep 21, 2016 | The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. |
| CVE-2015-8929 | Medium | 5.5 | | < 2.5.5-9.1 | 2.5.5-9.1 | Sep 20, 2016 | Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. |
| CVE-2015-8924 | Medium | 5.5 | | < 2.5.5-9.1 | 2.5.5-9.1 | Sep 20, 2016 | The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. |
| CVE-2015-8921 | High | 7.5 | | < 2.5.5-9.1 | 2.5.5-9.1 | Sep 20, 2016 | The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. |
| CVE-2015-8920 | Medium | 5.5 | | < 2.5.5-9.1 | 2.5.5-9.1 | Sep 20, 2016 | The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. |
| CVE-2015-8918 | High | 7.5 | | < 2.5.5-9.1 | 2.5.5-9.1 | Sep 20, 2016 | The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab file, related to "overlapping memcpy." |
| CVE-2015-2304 | — | | | < 2.5.5-9.1 | 2.5.5-9.1 | Mar 15, 2015 | Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. |