Vulnerability Name:

CVE-2007-3641 (CCN-35405)

Assigned:2007-07-12
Published:2007-07-12
Updated:2017-07-29
Summary:archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924

Source: MITRE
Type: CNA
CVE-2007-3641

Source: OSVDB
Type: UNKNOWN
38092

Source: CCN
Type: libarchive Web page
libarchive, bsdtar, pkg_add

Source: CONFIRM
Type: UNKNOWN
http://people.freebsd.org/~kientzle/libarchive/

Source: CCN
Type: SA26050
libarchive pax Extension Header Denial of Service and Buffer Overflow

Source: SECUNIA
Type: Patch, Vendor Advisory
26050

Source: SECUNIA
Type: Patch, Vendor Advisory
26062

Source: SECUNIA
Type: UNKNOWN
26355

Source: SECUNIA
Type: UNKNOWN
28377

Source: CCN
Type: FreeBSD-SA-07:05.libarchive
Errors handling corrupt tar files in libarchive(3)

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-07:05.libarchive

Source: MISC
Type: Patch
http://security.freebsd.org/patches/SA-07:05/libarchive.patch

Source: GENTOO
Type: UNKNOWN
GLSA-200708-03

Source: CCN
Type: SECTRACK ID: 1018379
libarchive Tar/Pax Processing Bugs Let Remote Users Deny Service or Execute Arbitrary Code

Source: DEBIAN
Type: UNKNOWN
DSA-1455

Source: DEBIAN
Type: DSA-1455
libarchive -- denial of service

Source: CCN
Type: GLSA-200708-03
libarchive (formerly named as bsdtar): Multiple PaX Extension Header Vulnerabilities

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:015

Source: CCN
Type: OSVDB ID: 38092
libarchive archive_read_support_format_tar.c Malformed PAX Extension Header Handling Overflow

Source: BID
Type: Patch
24885

Source: CCN
Type: BID-24885
'libarchive' Multiple Remote Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1018379

Source: VUPEN
Type: UNKNOWN
ADV-2007-2521

Source: XF
Type: UNKNOWN
freebsd-libarchive-pax-bo(35405)

Source: SUSE
Type: SUSE-SR:2007:015
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:freebsd:libarchive:*:*:*:*:*:*:*:* (Version <= 2.2.3)

Configuration CCN 1:
  • cpe:/o:freebsd:freebsd:5.5:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.1:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.2:-:*:*:*:*:*:*
  • OR cpe:/a:freebsd:libarchive:2.2.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:suse:suse_linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable

Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20073641
    V
    CVE-2007-3641
    2022-06-30
    oval:org.opensuse.security:def:42350
    P
    Security update for libeconf, shadow and util-linux (Moderate)
    2022-03-04
    oval:org.opensuse.security:def:112025
    P
    bsdtar-3.5.1-1.5 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:26225
    P
    Security update for libsndfile (Important)
    2022-01-05
    oval:org.opensuse.security:def:26188
    P
    Security update for gegl (Important)
    2021-12-28
    oval:org.opensuse.security:def:31720
    P
    Security update for xorg-x11-server (Important)
    2021-12-14
    oval:org.opensuse.security:def:31717
    P
    Security update for openssh (Important)
    2021-12-06
    oval:org.opensuse.security:def:42147
    P
    Security update for glib-networking (Important)
    2021-12-06
    oval:org.opensuse.security:def:32230
    P
    Security update for xen (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:26172
    P
    Security update for webkit2gtk3 (Important)
    2021-11-23
    oval:org.opensuse.security:def:31294
    P
    Security update for opensc (Important)
    2021-10-29
    oval:org.opensuse.security:def:26152
    P
    Security update for postgresql10 (Important)
    2021-10-20
    oval:org.opensuse.security:def:105581
    P
    bsdtar-3.5.1-1.5 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:32186
    P
    Security update for MozillaFirefox (Important)
    2021-09-22
    oval:org.opensuse.security:def:31269
    P
    Security update for ghostscript (Critical)
    2021-09-21
    oval:org.opensuse.security:def:26123
    P
    Security update for openssl-1_0_0 (Low)
    2021-09-09
    oval:org.opensuse.security:def:32164
    P
    Security update for java-1_8_0-openjdk (Important)
    2021-08-20
    oval:org.opensuse.security:def:31662
    P
    Security update for libsndfile (Critical)
    2021-08-05
    oval:org.opensuse.security:def:31661
    P
    Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:31644
    P
    Security update for xterm (Important)
    2021-06-18
    oval:org.opensuse.security:def:31209
    P
    Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)
    2021-06-18
    oval:org.opensuse.security:def:32125
    P
    Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)
    2021-06-18
    oval:org.opensuse.security:def:31208
    P
    Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-06-18
    oval:org.opensuse.security:def:31643
    P
    Security update for apache2 (Important)
    2021-06-17
    oval:org.opensuse.security:def:26070
    P
    Security update for spice (Important)
    2021-06-08
    oval:org.opensuse.security:def:36435
    P
    libarchive-devel-2.5.5-5.19 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26068
    P
    Security update for libX11 (Important)
    2021-06-08
    oval:org.opensuse.security:def:42584
    P
    libarchive2-2.5.5-5.19 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26067
    P
    Security update for MozillaFirefox (Important)
    2021-06-08
    oval:org.opensuse.security:def:36177
    P
    libarchive2-2.5.5-5.19 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:31628
    P
    Security update for dhcp (Important)
    2021-06-01
    oval:org.opensuse.security:def:26060
    P
    Security update for postgresql13 (Moderate)
    2021-05-27
    oval:org.opensuse.security:def:32907
    P
    Security update for gdm (Important)
    2021-04-28
    oval:org.opensuse.security:def:32076
    P
    Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2021-04-28
    oval:org.opensuse.security:def:33101
    P
    Security update for nghttp2 (Important)
    2021-03-24
    oval:org.opensuse.security:def:31361
    P
    Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)
    2021-03-17
    oval:org.opensuse.security:def:26211
    P
    Security update for glib2 (Important)
    2021-03-16
    oval:org.opensuse.security:def:31729
    P
    Security update for screen (Important)
    2021-02-17
    oval:org.opensuse.security:def:32253
    P
    Security update for python (Important)
    2021-02-11
    oval:org.opensuse.security:def:31655
    P
    Security update for MozillaFirefox (Important)
    2021-01-29
    oval:org.opensuse.security:def:31220
    P
    Security update for sudo (Important)
    2021-01-26
    oval:org.opensuse.security:def:32097
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:25985
    P
    Security update for gimp (Moderate)
    2020-12-29
    oval:org.opensuse.security:def:25984
    P
    Security update for cyrus-sasl (Important)
    2020-12-28
    oval:org.opensuse.security:def:32020
    P
    Security update for cyrus-sasl (Important)
    2020-12-28
    oval:org.opensuse.security:def:32010
    P
    Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)
    2020-12-07
    oval:org.opensuse.security:def:35583
    P
    libarchive2-2.5.5-5.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35740
    P
    libarchive2-2.5.5-5.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:41990
    P
    libarchive2-2.5.5-5.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35943
    P
    libarchive2-2.5.5-5.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:25970
    P
    Security update for gdm (Important)
    2020-12-03
    oval:org.opensuse.security:def:26269
    P
    Security update for python3-requests (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25764
    P
    Security update for webkitgtk (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31827
    P
    Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:25292
    P
    Security update for libX11 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31426
    P
    Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27433
    P
    libarchive-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25726
    P
    Security update for python36 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26410
    P
    Security update for freexl (Important)
    2020-12-01
    oval:org.opensuse.security:def:25852
    P
    Security update for flash-playerqemu (Important)
    2020-12-01
    oval:org.opensuse.security:def:32666
    P
    ft2demos on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25367
    P
    Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31575
    P
    Security update for sudo
    2020-12-01
    oval:org.opensuse.security:def:32463
    P
    Security update for xorg-x11-libXpm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25738
    P
    Security update for libxslt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31953
    P
    Security update for gstreamer-0_10-plugins-base (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26614
    P
    mozilla-xulrunner190 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25910
    P
    Security update for gstreamer-0_10-plugins-base (Low)
    2020-12-01
    oval:org.opensuse.security:def:31052
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25576
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31818
    P
    Security update for audiofile (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33140
    P
    libarchive2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31410
    P
    Security update for php53 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25930
    P
    Security update for ImageMagick (Important)
    2020-12-01
    oval:org.opensuse.security:def:26702
    P
    fuse on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26740
    P
    libarchive2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25134
    P
    Security update for apache2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31137
    P
    Security update for kvm and libvirt
    2020-12-01
    oval:org.opensuse.security:def:25717
    P
    Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31923
    P
    Security update for ghostscript-library (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27140
    P
    gstreamer-0_10-plugins-base on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31422
    P
    Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32309
    P
    Security update for quagga (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31871
    P
    Security update for curl (Important)
    2020-12-01
    oval:org.opensuse.security:def:25146
    P
    Security update for man (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25921
    P
    Recommended update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:31984
    P
    Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:25494
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26303
    P
    Security update for dnsmasq (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32397
    P
    Security update for unzip (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32548
    P
    libarchive2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25338
    P
    Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:31505
    P
    Security update for python27 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26009
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32868
    P
    ghostscript-fonts-other on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25569
    P
    Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:31777
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26405
    P
    Security update for sox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26548
    P
    freetype2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25996
    P
    Security update for libvirt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25476
    P
    Security update for git (Important)
    2020-12-01
    oval:org.opensuse.security:def:25778
    P
    Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:26458
    P
    Security update for phpMyAdmin (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25711
    P
    Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31805
    P
    Security update for apache2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26942
    P
    libarchive2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25291
    P
    Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25919
    P
    Security update for libplist (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27398
    P
    file-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26326
    P
    Security update for MozillaThunderbird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25813
    P
    Security update for libssh (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32028
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25303
    P
    Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:31518
    P
    Security update for quagga (Important)
    2020-12-01
    oval:org.opensuse.security:def:25727
    P
    Security update for libzypp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31861
    P
    Security update for curl (Important)
    2020-12-01
    oval:org.opensuse.security:def:26561
    P
    gstreamer-0_10-plugins-good on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25866
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32705
    P
    libarchive2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31051
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25495
    P
    Security update for shibboleth-sp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25802
    P
    Recommended update for LibreOffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26663
    P
    PolicyKit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26705
    P
    gd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31063
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25633
    P
    Security update for perl-DBI (Important)
    2020-12-01
    oval:org.opensuse.security:def:31874
    P
    Security update for cyrus-imapd (Important)
    2020-12-01
    oval:org.opensuse.security:def:26502
    P
    Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:31411
    P
    Security update for php53 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26011
    P
    Security update for gwenhywfar (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26716
    P
    gvim on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25135
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:25868
    P
    Security update for pcre (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31962
    P
    Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27175
    P
    libarchive2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25493
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:31496
    P
    Security update for python-imaging
    2020-12-01
    oval:org.opensuse.security:def:32358
    P
    Security update for squidGuard (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32509
    P
    fetchmail on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25210
    P
    Security update for unzip (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31418
    P
    Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25505
    P
    Security update for python-PyYAML (Important)
    2020-12-01
    oval:org.opensuse.security:def:26356
    P
    Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:32419
    P
    Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25419
    P
    Security update for kernel-firmware (Important)
    2020-12-01
    oval:org.opensuse.security:def:26023
    P
    Security update for evince (Important)
    2020-12-01
    oval:org.opensuse.security:def:25697
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31864
    P
    Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26444
    P
    Security update for mumble (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26583
    P
    libarchive2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25560
    P
    Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31766
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26907
    P
    gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25835
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26760
    P
    libpoppler-glib4 on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:8120
    P
    DSA-1455 libarchive1 -- denial of service
    2014-06-23
    oval:org.mitre.oval:def:18768
    P
    DSA-1455-1 libarchive
    2014-06-23
    oval:org.debian:def:1455
    V
    denial of service
    2008-01-08
    freebsd libarchive *
    freebsd freebsd 5.5 -
    freebsd freebsd 6.1 -
    freebsd freebsd 6.2 -
    freebsd libarchive 2.2.3
    suse suse linux *
    gentoo linux *
    debian debian linux 4.0