CVE-2016-4302 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2016-4302?

CVE-2016-4302 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-4302?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Hpc Node Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.

Vulnerability Description

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Hpc Node	7.0
Redhat	Enterprise Linux Hpc Node Eus	7.2
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.2
Redhat	Enterprise Linux Server Eus	7.2
Redhat	Enterprise Linux Workstation	7.0
Libarchive	Libarchive	<= 3.2.0

Related Weaknesses (CWE)

CWE-119

References

http://blog.talosintel.com/2016/06/the-poisoned-archives.htmlExploitThird Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1348444Issue Tracking
http://rhn.redhat.com/errata/RHSA-2016-1844.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3657
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.h
http://www.securityfocus.com/bid/91331Third Party AdvisoryVDB Entry
http://www.talosintel.com/reports/TALOS-2016-0154/ExploitThird Party Advisory
https://github.com/libarchive/libarchive/commit/05caadc7eedbef471ac9610809ba683fIssue TrackingPatch
https://github.com/libarchive/libarchive/issues/719Issue TrackingPatch
https://security.gentoo.org/glsa/201701-03
http://blog.talosintel.com/2016/06/the-poisoned-archives.htmlExploitThird Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1348444Issue Tracking
http://rhn.redhat.com/errata/RHSA-2016-1844.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3657

FAQ

What is CVE-2016-4302?

CVE-2016-4302 is a vulnerability with a CVSS score of 7.8 (HIGH). Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-size...

How severe is CVE-2016-4302?

CVE-2016-4302 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4302?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Hpc Node Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.