CVE-2007-3645 - OpenCVE

archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Freebsd	Libarchive

Configuration 1 [-]

cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924
http://osvdb.org/38093
http://osvdb.org/38094
http://people.freebsd.org/~kientzle/libarchive/
http://secunia.com/advisories/26050	Patch Vendor Advisory
http://secunia.com/advisories/26062	Patch Vendor Advisory
http://secunia.com/advisories/26355
http://secunia.com/advisories/28377
http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc	Patch Vendor Advisory
http://security.freebsd.org/patches/SA-07:05/libarchive.patch	Patch
http://security.gentoo.org/glsa/glsa-200708-03.xml
http://www.debian.org/security/2008/dsa-1455
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.securityfocus.com/bid/24885	Patch
http://www.securitytracker.com/id?1018379
http://www.vupen.com/english/advisories/2007/2521
https://exchange.xforce.ibmcloud.com/vulnerabilities/35404

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: freebsd

Published: 2007-07-15T21:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-07-09T00:00:00

Link: CVE-2007-3645

JSON object: View

NVD Information

Status : Modified

Published: 2007-07-15T21:30:00.000

Modified: 2017-07-29T01:32:27.237

Link: CVE-2007-3645

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-12T00:00:00", "descriptions": [{"lang": "en", "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd"}, "references": [{"name": "freebsd-libarchive-null-pax-dos(35404)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35404"}, {"name": "ADV-2007-2521", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2521"}, {"name": "DSA-1455", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1455"}, {"name": "FreeBSD-SA-07:05.libarchive", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc"}, {"tags": ["x_refsource_MISC"], "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch"}, {"name": "26050", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26050"}, {"name": "24885", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24885"}, {"name": "GLSA-200708-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"}, {"name": "38094", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38094"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://people.freebsd.org/~kientzle/libarchive/"}, {"name": "26062", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26062"}, {"name": "38093", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38093"}, {"name": "26355", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26355"}, {"name": "1018379", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018379"}, {"name": "28377", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28377"}, {"name": "SUSE-SR:2007:015", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2007-3645", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "freebsd-libarchive-null-pax-dos(35404)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35404"}, {"name": "ADV-2007-2521", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2521"}, {"name": "DSA-1455", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1455"}, {"name": "FreeBSD-SA-07:05.libarchive", "refsource": "FREEBSD", "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc"}, {"name": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch", "refsource": "MISC", "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch"}, {"name": "26050", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26050"}, {"name": "24885", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24885"}, {"name": "GLSA-200708-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"}, {"name": "38094", "refsource": "OSVDB", "url": "http://osvdb.org/38094"}, {"name": "http://people.freebsd.org/~kientzle/libarchive/", "refsource": "CONFIRM", "url": "http://people.freebsd.org/~kientzle/libarchive/"}, {"name": "26062", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26062"}, {"name": "38093", "refsource": "OSVDB", "url": "http://osvdb.org/38093"}, {"name": "26355", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26355"}, {"name": "1018379", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018379"}, {"name": "28377", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28377"}, {"name": "SUSE-SR:2007:015", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"}]}}}}, "cveMetadata": {"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2007-3645", "datePublished": "2007-07-15T21:00:00", "dateReserved": "2007-07-09T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*", "matchCriteriaId": "637AE244-745E-4506-90FA-6092C83CC9BD", "versionEndIncluding": "2.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644."}, {"lang": "es", "value": "archive_read_support_format_tar.c en libarchive anterior a 2.2.4 permite a atacantes remotos con la complicidad del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante (1) una condici\u00f3n de fin de fichero dentro de una cabecera tar que sigue una cabecera de extensi\u00f3n pax o (2) una cabecera de extensi\u00f3n pax en un archivo (a) PAX o (b) TAR, lo cual resulta en una referencia a un puntero nulo, un asunto diferente que CVE-2007-3644."}], "evaluatorSolution": "The vendor has released an update addressing this issue: http://people.freebsd.org/~kientzle/libarchive/", "id": "CVE-2007-3645", "lastModified": "2017-07-29T01:32:27.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-07-15T21:30:00.000", "references": [{"source": "secteam@freebsd.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"}, {"source": "secteam@freebsd.org", "url": "http://osvdb.org/38093"}, {"source": "secteam@freebsd.org", "url": "http://osvdb.org/38094"}, {"source": "secteam@freebsd.org", "url": "http://people.freebsd.org/~kientzle/libarchive/"}, {"source": "secteam@freebsd.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26050"}, {"source": "secteam@freebsd.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26062"}, {"source": "secteam@freebsd.org", "url": "http://secunia.com/advisories/26355"}, {"source": "secteam@freebsd.org", "url": "http://secunia.com/advisories/28377"}, {"source": "secteam@freebsd.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc"}, {"source": "secteam@freebsd.org", "tags": ["Patch"], "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch"}, {"source": "secteam@freebsd.org", "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml"}, {"source": "secteam@freebsd.org", "url": "http://www.debian.org/security/2008/dsa-1455"}, {"source": "secteam@freebsd.org", "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"}, {"source": "secteam@freebsd.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/24885"}, {"source": "secteam@freebsd.org", "url": "http://www.securitytracker.com/id?1018379"}, {"source": "secteam@freebsd.org", "url": "http://www.vupen.com/english/advisories/2007/2521"}, {"source": "secteam@freebsd.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35404"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}