CVE-2016-2347 - OpenCVE

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Lhasa Project	Lhasa
Opensuse	Leap Opensuse

Configuration 1 [-]

OR	cpe:2.3:o:opensuse:leap:42.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 3 [-]

cpe:2.3:a:lhasa_project:lhasa:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2016-04/msg00038.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00039.html
http://www.debian.org/security/2016/dsa-3540
http://www.talosintelligence.com/reports/TALOS-2016-0095/
https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564
https://github.com/fragglet/lhasa/releases/tag/v0.3.1

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2017-04-21T20:00:00

Updated: 2024-08-05T23:24:49.086Z

Reserved: 2016-02-12T00:00:00

Link: CVE-2016-2347

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-04-21T20:59:00.557

Modified: 2018-10-30T16:27:37.467

Link: CVE-2016-2347

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-21T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/fragglet/lhasa/releases/tag/v0.3.1"}, {"tags": ["x_refsource_MISC"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0095/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564"}, {"name": "openSUSE-SU-2016:1027", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00038.html"}, {"name": "openSUSE-SU-2016:1029", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00039.html"}, {"name": "DSA-3540", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3540"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2347", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/fragglet/lhasa/releases/tag/v0.3.1", "refsource": "CONFIRM", "url": "https://github.com/fragglet/lhasa/releases/tag/v0.3.1"}, {"name": "http://www.talosintelligence.com/reports/TALOS-2016-0095/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0095/"}, {"name": "https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564", "refsource": "CONFIRM", "url": "https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564"}, {"name": "openSUSE-SU-2016:1027", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00038.html"}, {"name": "openSUSE-SU-2016:1029", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00039.html"}, {"name": "DSA-3540", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3540"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:24:49.086Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/fragglet/lhasa/releases/tag/v0.3.1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0095/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564"}, {"name": "openSUSE-SU-2016:1027", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00038.html"}, {"name": "openSUSE-SU-2016:1029", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00039.html"}, {"name": "DSA-3540", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3540"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2347", "datePublished": "2017-04-21T20:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.086Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lhasa_project:lhasa:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B02163C-C44C-48BE-8313-60BEE89BA1CA", "versionEndIncluding": "0.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive."}, {"lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n decode_level3_header en lib/lha_file_header.c in Lhasa en versiones anteriores a 0.3.1 permite a los atacantes remotos ejecuta el c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado."}], "id": "CVE-2016-2347", "lastModified": "2018-10-30T16:27:37.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-21T20:59:00.557", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00038.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00039.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3540"}, {"source": "cret@cert.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0095/"}, {"source": "cret@cert.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564"}, {"source": "cret@cert.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/fragglet/lhasa/releases/tag/v0.3.1"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}