CVE-2015-8918 — Vulnetix

Try Vulnetix Request Demo

CVE-2015-8918 PUBLISHED CVSS 7.5 HIGH

The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."

EPSS 2.57% · 85.4th percentile

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

2.57%

85.4th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
novell	suse_linux_enterprise_software_development_kit	12.0
novell	suse_linux_enterprise_desktop	12.0
libarchive	libarchive	0
novell	suse_linux_enterprise_server	12.0

Timeline

Sep 20, 2016 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 8, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html url
https://github.com/libarchive/libarchive/issues/506 url
SUSE-SU-2016:1909 vendor-advisory
[oss-security] 20160617 Many invalid memory access issues in libarchive mailing-list
GLSA-201701-03 vendor-advisory
[oss-security] 20160617 Re: Many invalid memory access issues in libarchive mailing-list
91300 vdb
https://nvd.nist.gov/vuln/detail/CVE-2015-8918 advisory

Open in Interactive Console →