Bug 1439703 (CVE-2016-10209) - CVE-2016-10209 libarchive: NULL pointer dereference in archive_wstring_append_from_mbs function
Summary: CVE-2016-10209 libarchive: NULL pointer dereference in archive_wstring_append...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2016-10209
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1439704 1439705
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-04-06 12:15 UTC by Andrej Nemec
Modified: 2019-09-29 14:09 UTC (History)
5 users (show)

Fixed In Version: libarchive 3.3.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-04-06 12:16:14 UTC


Attachments (Terms of Use)

Description Andrej Nemec 2017-04-06 12:15:12 UTC
The archive_wstring_append_from_mbs function in archive_string.c in libarchive allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.

Upstream bug:

https://github.com/libarchive/libarchive/issues/842

Upstream patch:

https://github.com/libarchive/libarchive/commit/e8a9de5eaf3b79fc3d990d056343bb52c51c5ba4

Comment 1 Andrej Nemec 2017-04-06 12:15:49 UTC
Created libarchive tracking bugs for this issue:

Affects: fedora-all [bug 1439705]


Created libarchive3 tracking bugs for this issue:

Affects: epel-6 [bug 1439704]

Comment 2 Tomas Hoger 2019-04-10 13:04:33 UTC
In reply to comment #0:
> Upstream patch:
> 
> https://github.com/libarchive/libarchive/commit/e8a9de5eaf3b79fc3d990d056343bb52c51c5ba4

This is not a patch fixing this problem, this was only indicated in the upstream bug as version that is no longer affected.  This has been fixed in an earlier commit, the following is indicated in the upstream bug:

https://github.com/libarchive/libarchive/commit/42a3408ac7df1e69bea9ea12b72e14f59f7400c0


Note You need to log in before you can comment on or make changes to this bug.