CVE-2016-2347 — HIGH (7.8) — White Hats Nepal

Q: What is CVE-2016-2347?

CVE-2016-2347 is a vulnerability with a CVSS score of 7.8 (HIGH). Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

Q: How severe is CVE-2016-2347?

CVE-2016-2347 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-2347?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Opensuse Opensuse, Debian Debian Linux, Lhasa Project Lhasa.

Vulnerability Description

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Opensuse	Leap	42.1
Opensuse	Opensuse	13.2
Debian	Debian Linux	7.0
Lhasa Project	Lhasa	<= 0.3.0

Related Weaknesses (CWE)

CWE-190

References

http://lists.opensuse.org/opensuse-updates/2016-04/msg00038.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-04/msg00039.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3540Third Party Advisory
http://www.talosintelligence.com/reports/TALOS-2016-0095/ExploitTechnical DescriptionThird Party Advisory
https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d456Issue TrackingPatchThird Party Advisory
https://github.com/fragglet/lhasa/releases/tag/v0.3.1Issue TrackingPatchThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-04/msg00038.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-04/msg00039.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3540Third Party Advisory
http://www.talosintelligence.com/reports/TALOS-2016-0095/ExploitTechnical DescriptionThird Party Advisory
https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d456Issue TrackingPatchThird Party Advisory
https://github.com/fragglet/lhasa/releases/tag/v0.3.1Issue TrackingPatchThird Party Advisory

FAQ

What is CVE-2016-2347?

CVE-2016-2347 is a vulnerability with a CVSS score of 7.8 (HIGH). Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

How severe is CVE-2016-2347?

CVE-2016-2347 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2347?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Opensuse Opensuse, Debian Debian Linux, Lhasa Project Lhasa.