Vulnerability-Lookup

CVE-2011-1778 (GCVE-0-2011-1778)

Vulnerability from cvelistv5 – Published: 2012-04-13 20:00 – Updated: 2024-08-06 22:37

Summary

Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

CERTA-2012-AVI-272

Vulnerability from certfr_avis - Published: 2012-05-10 - Updated: 2012-05-10

Trente-six vulnérabilités ont été corrigées dans OS X Lion. Il est possible d'exécuter du code arbitraire à distance, d'exécuter du code en local, d'obtenir des données sensibles et d'élever ses privilèges. De nombreuses applications et fonctions sont touchées, toutes sont décrites dans le bulletin Apple référencé dans la section « Documentation ».

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à OS X Lion v10.7.4.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

RHSA-2011:1507

Vulnerability from csaf_redhat - Published: 2011-12-01 16:32 - Updated: 2025-11-21 17:39

Summary

Red Hat Security Advisory: libarchive security update

Notes

Topic

Updated libarchive packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

The libarchive programming library can create and read several different streaming archive formats, including GNU tar and cpio. It can also read ISO 9660 CD-ROM images. Two heap-based buffer overflow flaws were discovered in libarchive. If a user were tricked into expanding a specially-crafted ISO 9660 CD-ROM image or tar archive with an application using libarchive, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-1777, CVE-2011-1778) All libarchive users should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libarchive must be restarted for this update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated libarchive packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The libarchive programming library can create and read several different\nstreaming archive formats, including GNU tar and cpio. It can also read ISO\n9660 CD-ROM images.\n\nTwo heap-based buffer overflow flaws were discovered in libarchive. If a\nuser were tricked into expanding a specially-crafted ISO 9660 CD-ROM image\nor tar archive with an application using libarchive, it could cause the\napplication to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2011-1777,\nCVE-2011-1778)\n\nAll libarchive users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications using libarchive must be restarted for this update to take\neffect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2011:1507",
        "url": "https://access.redhat.com/errata/RHSA-2011:1507"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "705849",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1507.json"
      }
    ],
    "title": "Red Hat Security Advisory: libarchive security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:39:15+00:00",
      "generator": {
        "date": "2025-11-21T17:39:15+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2011:1507",
      "initial_release_date": "2011-12-01T16:32:00+00:00",
      "revision_history": [
        {
          "date": "2011-12-01T16:32:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2011-12-01T16:32:58+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:39:15+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 6)",
                  "product_id": "6Server-6.1.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Optional (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Optional (v. 6)",
                  "product_id": "6Server-optional-6.1.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-devel-0:2.8.3-3.el6_1.i686",
                "product": {
                  "name": "libarchive-devel-0:2.8.3-3.el6_1.i686",
                  "product_id": "libarchive-devel-0:2.8.3-3.el6_1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-devel@2.8.3-3.el6_1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
                "product": {
                  "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
                  "product_id": "libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-debuginfo@2.8.3-3.el6_1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-0:2.8.3-3.el6_1.i686",
                "product": {
                  "name": "libarchive-0:2.8.3-3.el6_1.i686",
                  "product_id": "libarchive-0:2.8.3-3.el6_1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@2.8.3-3.el6_1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-devel-0:2.8.3-3.el6_1.x86_64",
                "product": {
                  "name": "libarchive-devel-0:2.8.3-3.el6_1.x86_64",
                  "product_id": "libarchive-devel-0:2.8.3-3.el6_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-devel@2.8.3-3.el6_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
                "product": {
                  "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
                  "product_id": "libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-debuginfo@2.8.3-3.el6_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-0:2.8.3-3.el6_1.x86_64",
                "product": {
                  "name": "libarchive-0:2.8.3-3.el6_1.x86_64",
                  "product_id": "libarchive-0:2.8.3-3.el6_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@2.8.3-3.el6_1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-devel-0:2.8.3-3.el6_1.ppc64",
                "product": {
                  "name": "libarchive-devel-0:2.8.3-3.el6_1.ppc64",
                  "product_id": "libarchive-devel-0:2.8.3-3.el6_1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-devel@2.8.3-3.el6_1?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
                "product": {
                  "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
                  "product_id": "libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-debuginfo@2.8.3-3.el6_1?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-0:2.8.3-3.el6_1.ppc64",
                "product": {
                  "name": "libarchive-0:2.8.3-3.el6_1.ppc64",
                  "product_id": "libarchive-0:2.8.3-3.el6_1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@2.8.3-3.el6_1?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-devel-0:2.8.3-3.el6_1.ppc",
                "product": {
                  "name": "libarchive-devel-0:2.8.3-3.el6_1.ppc",
                  "product_id": "libarchive-devel-0:2.8.3-3.el6_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-devel@2.8.3-3.el6_1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
                "product": {
                  "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
                  "product_id": "libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-debuginfo@2.8.3-3.el6_1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-0:2.8.3-3.el6_1.ppc",
                "product": {
                  "name": "libarchive-0:2.8.3-3.el6_1.ppc",
                  "product_id": "libarchive-0:2.8.3-3.el6_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@2.8.3-3.el6_1?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-devel-0:2.8.3-3.el6_1.s390x",
                "product": {
                  "name": "libarchive-devel-0:2.8.3-3.el6_1.s390x",
                  "product_id": "libarchive-devel-0:2.8.3-3.el6_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-devel@2.8.3-3.el6_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
                "product": {
                  "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
                  "product_id": "libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-debuginfo@2.8.3-3.el6_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-0:2.8.3-3.el6_1.s390x",
                "product": {
                  "name": "libarchive-0:2.8.3-3.el6_1.s390x",
                  "product_id": "libarchive-0:2.8.3-3.el6_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@2.8.3-3.el6_1?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-devel-0:2.8.3-3.el6_1.s390",
                "product": {
                  "name": "libarchive-devel-0:2.8.3-3.el6_1.s390",
                  "product_id": "libarchive-devel-0:2.8.3-3.el6_1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-devel@2.8.3-3.el6_1?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
                "product": {
                  "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
                  "product_id": "libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive-debuginfo@2.8.3-3.el6_1?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libarchive-0:2.8.3-3.el6_1.s390",
                "product": {
                  "name": "libarchive-0:2.8.3-3.el6_1.s390",
                  "product_id": "libarchive-0:2.8.3-3.el6_1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@2.8.3-3.el6_1?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libarchive-0:2.8.3-3.el6_1.src",
                "product": {
                  "name": "libarchive-0:2.8.3-3.el6_1.src",
                  "product_id": "libarchive-0:2.8.3-3.el6_1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libarchive@2.8.3-3.el6_1?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:2.8.3-3.el6_1.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.i686"
        },
        "product_reference": "libarchive-0:2.8.3-3.el6_1.i686",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:2.8.3-3.el6_1.ppc as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc"
        },
        "product_reference": "libarchive-0:2.8.3-3.el6_1.ppc",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:2.8.3-3.el6_1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc64"
        },
        "product_reference": "libarchive-0:2.8.3-3.el6_1.ppc64",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:2.8.3-3.el6_1.s390 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.s390"
        },
        "product_reference": "libarchive-0:2.8.3-3.el6_1.s390",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:2.8.3-3.el6_1.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.s390x"
        },
        "product_reference": "libarchive-0:2.8.3-3.el6_1.s390x",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:2.8.3-3.el6_1.src as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.src"
        },
        "product_reference": "libarchive-0:2.8.3-3.el6_1.src",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:2.8.3-3.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.x86_64"
        },
        "product_reference": "libarchive-0:2.8.3-3.el6_1.x86_64",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.i686"
        },
        "product_reference": "libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.ppc as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc"
        },
        "product_reference": "libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64"
        },
        "product_reference": "libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.s390 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390"
        },
        "product_reference": "libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390x"
        },
        "product_reference": "libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64"
        },
        "product_reference": "libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:2.8.3-3.el6_1.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.i686"
        },
        "product_reference": "libarchive-devel-0:2.8.3-3.el6_1.i686",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:2.8.3-3.el6_1.ppc as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc"
        },
        "product_reference": "libarchive-devel-0:2.8.3-3.el6_1.ppc",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:2.8.3-3.el6_1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc64"
        },
        "product_reference": "libarchive-devel-0:2.8.3-3.el6_1.ppc64",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:2.8.3-3.el6_1.s390 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390"
        },
        "product_reference": "libarchive-devel-0:2.8.3-3.el6_1.s390",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:2.8.3-3.el6_1.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390x"
        },
        "product_reference": "libarchive-devel-0:2.8.3-3.el6_1.s390x",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:2.8.3-3.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.x86_64"
        },
        "product_reference": "libarchive-devel-0:2.8.3-3.el6_1.x86_64",
        "relates_to_product_reference": "6Server-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:2.8.3-3.el6_1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.i686"
        },
        "product_reference": "libarchive-0:2.8.3-3.el6_1.i686",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:2.8.3-3.el6_1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc"
        },
        "product_reference": "libarchive-0:2.8.3-3.el6_1.ppc",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:2.8.3-3.el6_1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc64"
        },
        "product_reference": "libarchive-0:2.8.3-3.el6_1.ppc64",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:2.8.3-3.el6_1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.s390"
        },
        "product_reference": "libarchive-0:2.8.3-3.el6_1.s390",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:2.8.3-3.el6_1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.s390x"
        },
        "product_reference": "libarchive-0:2.8.3-3.el6_1.s390x",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:2.8.3-3.el6_1.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.src"
        },
        "product_reference": "libarchive-0:2.8.3-3.el6_1.src",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-0:2.8.3-3.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.x86_64"
        },
        "product_reference": "libarchive-0:2.8.3-3.el6_1.x86_64",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.i686"
        },
        "product_reference": "libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc"
        },
        "product_reference": "libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64"
        },
        "product_reference": "libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390"
        },
        "product_reference": "libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390x"
        },
        "product_reference": "libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64"
        },
        "product_reference": "libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:2.8.3-3.el6_1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.i686"
        },
        "product_reference": "libarchive-devel-0:2.8.3-3.el6_1.i686",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:2.8.3-3.el6_1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc"
        },
        "product_reference": "libarchive-devel-0:2.8.3-3.el6_1.ppc",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:2.8.3-3.el6_1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc64"
        },
        "product_reference": "libarchive-devel-0:2.8.3-3.el6_1.ppc64",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:2.8.3-3.el6_1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390"
        },
        "product_reference": "libarchive-devel-0:2.8.3-3.el6_1.s390",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:2.8.3-3.el6_1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390x"
        },
        "product_reference": "libarchive-devel-0:2.8.3-3.el6_1.s390x",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libarchive-devel-0:2.8.3-3.el6_1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.x86_64"
        },
        "product_reference": "libarchive-devel-0:2.8.3-3.el6_1.x86_64",
        "relates_to_product_reference": "6Server-optional-6.1.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-1777",
      "discovery_date": "2011-05-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "705849"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Libarchive multiple security issues",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.i686",
          "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc",
          "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc64",
          "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.s390",
          "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.s390x",
          "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.src",
          "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.x86_64",
          "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
          "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
          "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
          "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
          "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
          "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
          "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.i686",
          "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc",
          "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc64",
          "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390",
          "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390x",
          "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.x86_64",
          "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.i686",
          "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc",
          "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc64",
          "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.s390",
          "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.s390x",
          "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.src",
          "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.x86_64",
          "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
          "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
          "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
          "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
          "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
          "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
          "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.i686",
          "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc",
          "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc64",
          "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390",
          "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390x",
          "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-1777"
        },
        {
          "category": "external",
          "summary": "RHBZ#705849",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-1777",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-1777"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1777",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1777"
        }
      ],
      "release_date": "2010-12-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2011-12-01T16:32:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
          "product_ids": [
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.i686",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc64",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.s390",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.s390x",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.src",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.x86_64",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.i686",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc64",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390x",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.x86_64",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.i686",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc64",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.s390",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.s390x",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.src",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.x86_64",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.i686",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc64",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390x",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2011:1507"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.i686",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc64",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.s390",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.s390x",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.src",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.x86_64",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.i686",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc64",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390x",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.x86_64",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.i686",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc64",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.s390",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.s390x",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.src",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.x86_64",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.i686",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc64",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390x",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Libarchive multiple security issues"
    },
    {
      "cve": "CVE-2011-1778",
      "discovery_date": "2011-05-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "705849"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Libarchive multiple security issues",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.i686",
          "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc",
          "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc64",
          "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.s390",
          "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.s390x",
          "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.src",
          "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.x86_64",
          "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
          "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
          "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
          "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
          "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
          "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
          "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.i686",
          "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc",
          "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc64",
          "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390",
          "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390x",
          "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.x86_64",
          "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.i686",
          "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc",
          "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc64",
          "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.s390",
          "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.s390x",
          "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.src",
          "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.x86_64",
          "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
          "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
          "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
          "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
          "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
          "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
          "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.i686",
          "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc",
          "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc64",
          "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390",
          "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390x",
          "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-1778"
        },
        {
          "category": "external",
          "summary": "RHBZ#705849",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-1778",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-1778"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1778",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1778"
        }
      ],
      "release_date": "2010-12-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2011-12-01T16:32:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
          "product_ids": [
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.i686",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc64",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.s390",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.s390x",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.src",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.x86_64",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.i686",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc64",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390x",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.x86_64",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.i686",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc64",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.s390",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.s390x",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.src",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.x86_64",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.i686",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc64",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390x",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2011:1507"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.i686",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc64",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.s390",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.s390x",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.src",
            "6Server-6.1.z:libarchive-0:2.8.3-3.el6_1.x86_64",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
            "6Server-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.i686",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc64",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390x",
            "6Server-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.x86_64",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.i686",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.ppc64",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.s390",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.s390x",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.src",
            "6Server-optional-6.1.z:libarchive-0:2.8.3-3.el6_1.x86_64",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.i686",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.ppc64",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.s390x",
            "6Server-optional-6.1.z:libarchive-debuginfo-0:2.8.3-3.el6_1.x86_64",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.i686",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.ppc64",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.s390x",
            "6Server-optional-6.1.z:libarchive-devel-0:2.8.3-3.el6_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Libarchive multiple security issues"
    }
  ]
}

GHSA-J8FM-G3QM-7GM3

Vulnerability from github – Published: 2022-05-14 03:51 – Updated: 2022-05-14 03:51

Details

Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1778"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-04-13T20:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.",
  "id": "GHSA-j8fm-g3qm-7gm3",
  "modified": "2022-05-14T03:51:36Z",
  "published": "2022-05-14T03:51:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1778"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/libarchive/source/detail?r=3160"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48034"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2413"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2011-1778

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.

Aliases

CVE-2011-1778

Aliases

CVE-2011-1778

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1778",
    "description": "Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.",
    "id": "GSD-2011-1778",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-1778.html",
      "https://www.debian.org/security/2012/dsa-2413",
      "https://access.redhat.com/errata/RHSA-2011:1507",
      "https://linux.oracle.com/cve/CVE-2011-1778.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1778"
      ],
      "details": "Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.",
      "id": "GSD-2011-1778",
      "modified": "2023-12-13T01:19:08.355697Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-1778",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT5281",
            "refsource": "MISC",
            "url": "http://support.apple.com/kb/HT5281"
          },
          {
            "name": "http://secunia.com/advisories/48034",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/48034"
          },
          {
            "name": "http://www.debian.org/security/2012/dsa-2413",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2012/dsa-2413"
          },
          {
            "name": "https://rhn.redhat.com/errata/RHSA-2011-1507.html",
            "refsource": "MISC",
            "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html"
          },
          {
            "name": "http://code.google.com/p/libarchive/source/detail?r=3160",
            "refsource": "MISC",
            "url": "http://code.google.com/p/libarchive/source/detail?r=3160"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=705849",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.8.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freebsd:libarchive:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1778"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://code.google.com/p/libarchive/source/detail?r=3160",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://code.google.com/p/libarchive/source/detail?r=3160"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=705849",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849"
            },
            {
              "name": "RHSA-2011:1507",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5281",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT5281"
            },
            {
              "name": "APPLE-SA-2012-05-09-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
            },
            {
              "name": "48034",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/48034"
            },
            {
              "name": "DSA-2413",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2413"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-01-10T02:29Z",
      "publishedDate": "2012-04-13T20:55Z"
    }
  }
}

FKIE_CVE-2011-1778

Vulnerability from fkie_nvd - Published: 2012-04-13 20:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.

References

	URL	Tags
	secalert@redhat.com	http://code.google.com/p/libarchive/source/detail?r=3160
	secalert@redhat.com	http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
	secalert@redhat.com	http://secunia.com/advisories/48034
	secalert@redhat.com	http://support.apple.com/kb/HT5281
	secalert@redhat.com	http://www.debian.org/security/2012/dsa-2413
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=705849
	secalert@redhat.com	https://rhn.redhat.com/errata/RHSA-2011-1507.html
	af854a3a-2127-422b-91ae-364da2661108	http://code.google.com/p/libarchive/source/detail?r=3160
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48034
	af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5281
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2413
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=705849
	af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2011-1507.html

Impacted products

Vendor	Product	Version
freebsd	libarchive	*
freebsd	libarchive	2.0
freebsd	libarchive	2.1
freebsd	libarchive	2.2
freebsd	libarchive	2.2.3
freebsd	libarchive	2.3
freebsd	libarchive	2.4
freebsd	libarchive	2.5
freebsd	libarchive	2.6
freebsd	libarchive	2.6.1
freebsd	libarchive	2.6.2
freebsd	libarchive	2.7.0
freebsd	libarchive	2.7.1
freebsd	libarchive	2.8.0
freebsd	libarchive	2.8.1
freebsd	libarchive	2.8.2
freebsd	libarchive	2.8.3
freebsd	libarchive	2.8.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "368424B7-7A08-44EE-861D-95F3F4BF82B1",
              "versionEndIncluding": "2.8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3753B9F-CBED-462F-B209-2CB96BA007E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC137D4C-8BDB-4BCC-83B0-051BF112EBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "48996E6B-4B09-4858-A848-DF8AFC282B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A3F3A08-0B42-40B7-91F6-00B2F7FF26CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C7B583-2820-4B32-9182-026F9969F9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC04763-2FEA-44E5-B117-6884C558BAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB37633-F110-4F87-95D2-9F61DD83EE38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CB56712-0ACC-402C-95D3-CDAA46BFCD7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5341EC48-4C91-4C8F-AA20-F695B7FD9BE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55DB89CA-C763-4B72-B709-0632C413BD45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA6CD573-3128-4FC0-9F9A-796F2C82FBCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3026BE26-BC84-4F53-9CBC-1335A946E075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "56AE92D3-67DF-4CF9-ABDD-A3BAD8F28BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BD245EB-E95D-42B8-88A0-55A9DE5C2D41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "968B42D1-9A4F-4898-A505-EE8BCE35A596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BE82186-D43B-4C08-A338-9C53A4B64B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E6033C5-CD4E-447C-89DD-3F04A81320CA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en libarchive hasta v2.8.5, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de un fichero TAR manipulado."
    }
  ],
  "id": "CVE-2011-1778",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-04-13T20:55:01.353",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://code.google.com/p/libarchive/source/detail?r=3160"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48034"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2413"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.google.com/p/libarchive/source/detail?r=3160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1778 (GCVE-0-2011-1778)

CERTA-2012-AVI-272

Solution

RHSA-2011:1507

GHSA-J8FM-G3QM-7GM3

GSD-2011-1778

FKIE_CVE-2011-1778

Tags

Sightings

Nomenclature