CVE-2017-14166
06.09.2017, 18:29
libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libarchive | libarchive | 3.3.2 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| bsdtar |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libarchive-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libarchive13 |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
References