FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-0211

This CVE name corresponds to:

Entered     Topic
2016-01-18  libarchive -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2013-0211
Phase  Assigned(20121206)

Description

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.

References

Source    Reference
CONFIRM   https://bugzilla.redhat.com/show_bug.cgi?id=902998
CONFIRM   https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4
FEDORA    FEDORA-2013-4522
FEDORA    FEDORA-2013-4537
FEDORA    FEDORA-2013-4576
FEDORA    FEDORA-2013-4592
FREEBSD   FreeBSD-SA-16:23
MANDRIVA  MDVSA-2013:147
SUSE      openSUSE-SU-2015:0568
UBUNTU    USN-2549-1
SECTRACK  1035995