Bug 1216891 (CVE-2015-8915) - CVE-2015-8915 libarchive: crash via malformed cpio archive
Summary: CVE-2015-8915 libarchive: crash via malformed cpio archive
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2015-8915
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1216892 1216893
Blocks: 1216894
TreeView+ depends on / blocked
 
Reported: 2015-04-29 07:10 UTC by Martin Prpič
Modified: 2019-09-29 13:31 UTC (History)
3 users (show)

Fixed In Version: libarchive 3.2.0
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-17 04:06:30 UTC
Embargoed:


Attachments (Terms of Use)

Description Martin Prpič 2015-04-29 07:10:55 UTC
An out-of-bounds read flaw was found in the way libarchive processed certain CPIO archives. An attacker could create a specially crafted CPIO archive that, when processed by an application using the libarchive library, would cause that application to crash.

Additional details:

http://seclists.org/fulldisclosure/2015/Apr/102
https://github.com/libarchive/libarchive/issues/502

Upstream patch:

https://github.com/libarchive/libarchive/commit/e6c9668f3202215ddb71617b41c19b6f05acf008

Comment 1 Martin Prpič 2015-04-29 07:11:36 UTC
Created libarchive tracking bugs for this issue:

Affects: fedora-all [bug 1216892]
Affects: epel-5 [bug 1216893]

Comment 2 Fedora Update System 2015-05-03 17:21:32 UTC
libarchive-3.1.2-12.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 3 Fedora Update System 2015-05-22 17:59:17 UTC
libarchive-3.1.2-11.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Doran Moppert 2016-06-20 03:14:24 UTC
CVE assignment:

    http://seclists.org/oss-sec/2016/q2/566

Upstream bug:

    https://github.com/libarchive/libarchive/issues/503 (identified as duplicate of /issues/502)


Note You need to log in before you can comment on or make changes to this bug.