CVE-2011-1777

Published Apr 13, 2012

Last updated 7 years ago

CVSS info 6.8

Overview

Description: Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "368424B7-7A08-44EE-861D-95F3F4BF82B1",
            "versionEndIncluding": "2.8.5"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3753B9F-CBED-462F-B209-2CB96BA007E4"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC137D4C-8BDB-4BCC-83B0-051BF112EBFE"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48996E6B-4B09-4858-A848-DF8AFC282B0B"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A3F3A08-0B42-40B7-91F6-00B2F7FF26CB"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91C7B583-2820-4B32-9182-026F9969F9D7"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FC04763-2FEA-44E5-B117-6884C558BAE3"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDB37633-F110-4F87-95D2-9F61DD83EE38"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CB56712-0ACC-402C-95D3-CDAA46BFCD7A"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5341EC48-4C91-4C8F-AA20-F695B7FD9BE9"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55DB89CA-C763-4B72-B709-0632C413BD45"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA6CD573-3128-4FC0-9F9A-796F2C82FBCE"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3026BE26-BC84-4F53-9CBC-1335A946E075"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56AE92D3-67DF-4CF9-ABDD-A3BAD8F28BC7"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BD245EB-E95D-42B8-88A0-55A9DE5C2D41"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "968B42D1-9A4F-4898-A505-EE8BCE35A596"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BE82186-D43B-4C08-A338-9C53A4B64B00"
          },
          {
            "criteria": "cpe:2.3:a:freebsd:libarchive:2.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E6033C5-CD4E-447C-89DD-3F04A81320CA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References