{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "DSA-3574", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3574"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7"}, {"name": "USN-2981-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2981-1"}, {"name": "RHSA-2016:1844", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html"}, {"name": "openSUSE-SU-2016:1463", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00003.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libarchive/libarchive/issues/656"}, {"name": "openSUSE-SU-2016:1663", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00090.html"}, {"name": "89355", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/89355"}, {"name": "SSA:2016-145-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.352685"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "GLSA-201701-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-03"}, {"name": "VU#862384", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/862384"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-1541", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3574", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3574"}, {"name": "https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7", "refsource": "CONFIRM", "url": "https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7"}, {"name": "USN-2981-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2981-1"}, {"name": "RHSA-2016:1844", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html"}, {"name": "openSUSE-SU-2016:1463", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00003.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"name": "https://github.com/libarchive/libarchive/issues/656", "refsource": "CONFIRM", "url": "https://github.com/libarchive/libarchive/issues/656"}, {"name": "openSUSE-SU-2016:1663", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00090.html"}, {"name": "89355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/89355"}, {"name": "SSA:2016-145-01", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.352685"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "GLSA-201701-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-03"}, {"name": "VU#862384", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/862384"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:02:11.964Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3574", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3574"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7"}, {"name": "USN-2981-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2981-1"}, {"name": "RHSA-2016:1844", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html"}, {"name": "openSUSE-SU-2016:1463", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00003.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libarchive/libarchive/issues/656"}, {"name": "openSUSE-SU-2016:1663", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00090.html"}, {"name": "89355", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/89355"}, {"name": "SSA:2016-145-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.352685"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "GLSA-201701-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-03"}, {"name": "VU#862384", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/862384"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-1541", "datePublished": "2016-05-07T10:00:00", "dateReserved": "2016-01-07T00:00:00", "dateUpdated": "2024-08-05T23:02:11.964Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC45D478-0BA2-4386-B1D2-E516D9AC28A9", "versionEndIncluding": "3.1.901a", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive."}, {"lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n zip_read_mac_metadata en archive_read_support_format_zip.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de valores entry-size manipulados en un archivo ZIP."}], "id": "CVE-2016-1541", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-05-07T10:59:04.737", "references": [{"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00003.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00090.html"}, {"source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html"}, {"source": "cret@cert.org", "url": "http://www.debian.org/security/2016/dsa-3574"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/862384"}, {"source": "cret@cert.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"source": "cret@cert.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/89355"}, {"source": "cret@cert.org", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.352685"}, {"source": "cret@cert.org", "url": "http://www.ubuntu.com/usn/USN-2981-1"}, {"source": "cret@cert.org", "url": "https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7"}, {"source": "cret@cert.org", "url": "https://github.com/libarchive/libarchive/issues/656"}, {"source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00090.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3574"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/862384"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/89355"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.352685"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2981-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/libarchive/libarchive/issues/656"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-03"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:1844", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libarchive-0:3.1.2-10.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-09-12T00:00:00Z"}], "bugzilla": {"description": "libarchive: zip_read_mac_metadata() heap-based buffer overflow", "id": "1334211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334211"}, "csaw": false, "cvss": {"cvss_base_score": "6.0", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "8.4", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L", "status": "verified"}, "cwe": "CWE-122", "details": ["Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.", "A vulnerability was found in libarchive. A specially crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the application."], "name": "CVE-2016-1541", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libarchive", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2016-05-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-1541\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1541\nhttp://www.kb.cert.org/vuls/id/862384"], "threat_severity": "Moderate"}