CVE-2016-4300 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2016-4300?

CVE-2016-4300 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-4300?

Check the references section above for vendor advisories and patch information. Affected products include: Libarchive Libarchive, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Hpc Node Eus, Redhat Enterprise Linux Server.

Vulnerability Description

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Libarchive	Libarchive	<= 3.2.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Hpc Node	7.0
Redhat	Enterprise Linux Hpc Node Eus	7.2
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.2
Redhat	Enterprise Linux Server Eus	7.2
Redhat	Enterprise Linux Workstation	7.0

Related Weaknesses (CWE)

CWE-190

References

http://blog.talosintel.com/2016/06/the-poisoned-archives.htmlExploitThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1844.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3657
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.h
http://www.securityfocus.com/bid/91326Third Party AdvisoryVDB Entry
http://www.talosintel.com/reports/TALOS-2016-0152/ExploitThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1348439Issue Tracking
https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59Issue TrackingPatchThird Party Advisory
https://github.com/libarchive/libarchive/issues/718Issue TrackingPatchThird Party Advisory
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00062&languagei
https://security.gentoo.org/glsa/201701-03
http://blog.talosintel.com/2016/06/the-poisoned-archives.htmlExploitThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1844.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3657

FAQ

What is CVE-2016-4300?

CVE-2016-4300 is a vulnerability with a CVSS score of 7.8 (HIGH). Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large num...

How severe is CVE-2016-4300?

CVE-2016-4300 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4300?

Check the references section above for vendor advisories and patch information. Affected products include: Libarchive Libarchive, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Hpc Node Eus, Redhat Enterprise Linux Server.