Bug 1439703 (CVE-2016-10209) - CVE-2016-10209 libarchive: NULL pointer dereference in archive_wstring_append_from_mbs function
Summary: CVE-2016-10209 libarchive: NULL pointer dereference in archive_wstring_append...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2016-10209
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1439704 1439705
Blocks:
Reported: 2017-04-06 12:15 UTC by Andrej Nemec
Modified: 2019-09-29 14:09 UTC

Fixed In Version: libarchive 3.3.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-04-06 12:16:14 UTC
Embargoed:


Description Andrej Nemec 2017-04-06 12:15:12 UTC
The archive_wstring_append_from_mbs function in archive_string.c in libarchive allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.

Upstream bug:

https://github.com/libarchive/libarchive/issues/842

Upstream patch:

https://github.com/libarchive/libarchive/commit/e8a9de5eaf3b79fc3d990d056343bb52c51c5ba4

Comment 1 Andrej Nemec 2017-04-06 12:15:49 UTC
Created libarchive tracking bugs for this issue:

Affects: fedora-all [bug 1439705]


Created libarchive3 tracking bugs for this issue:

Affects: epel-6 [bug 1439704]

Comment 2 Tomas Hoger 2019-04-10 13:04:33 UTC
In reply to comment #0:
> Upstream patch:
> 
> https://github.com/libarchive/libarchive/commit/e8a9de5eaf3b79fc3d990d056343bb52c51c5ba4

This is not a patch fixing this problem; this was only indicated in the upstream bug as a version that is no longer affected. This has been fixed in an earlier commit; the following is indicated in the upstream bug:

https://github.com/libarchive/libarchive/commit/42a3408ac7df1e69bea9ea12b72e14f59f7400c0

