NVD

Id
28919  
Name
CVE-2015-8927  
Description
The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2016-09-20  
Modified Date
2016-11-28  
Seq
2015-8927  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
152440 28919 CVE-2015-8927 [oss-security] 20160617 Many invalid memory access issues in libarchive  View
152441 28919 CVE-2015-8927 [oss-security] 20160617 Re: Many invalid memory access issues in libarchive  View
152442 28919 CVE-2015-8927 91329  View
152443 28919 CVE-2015-8927 https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html  View
152444 28919 CVE-2015-8927 https://github.com/libarchive/libarchive/issues/523  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
11928 JVNDB-2015-007248 libarchive の archive_read_support_format_zip.c の trad_enc_decrypt_update 関数におけるサービス運用妨害 (DoS) の脆弱性 libarchive の archive_read_support_format_zip.c の trad_enc_decrypt_update 関数には、パスワードの読み取りに関する処理に不備があるため、サービス運用妨害 (境界外ヒープ読み取りおよびクラッシュ) 状態にされる脆弱性が存在します。 CVE-2015-8927 86152 CVE-2015-8927 28919 4.3 5.5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-007248.html 2015-04-12 2016-09-23 View