CVE-2015-8916

MEDIUM

Canonical Ubuntu Linux < 3.1.901a - NULL Pointer Dereference

Title source: rule

Description

bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.

References (11)

Scores

CVSS v3 6.5
EPSS 0.0116
EPSS Percentile 78.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE
CWE-476
Status published

Affected Products (8)

canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
debian/debian_linux
debian/debian_linux
libarchive/libarchive < 3.1.901a
n/a/n/a

Timeline

Published Sep 20, 2016
Tracked Since Feb 18, 2026