CVE-2013-0211
Published: 25 March 2013
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libarchive Launchpad, Ubuntu, Debian |
hardy |
Ignored
(reached end-of-life)
|
| lucid |
Ignored
(reached end-of-life)
|
|
| oneiric |
Ignored
(reached end-of-life)
|
|
| precise |
Released
(3.0.3-6ubuntu1.1)
|
|
| quantal |
Ignored
(reached end-of-life)
|
|
| raring |
Ignored
(reached end-of-life)
|
|
| saucy |
Ignored
(reached end-of-life)
|
|
| trusty |
Not vulnerable
(3.1.2-7ubuntu2)
|
|
| upstream |
Released
(3.0.4-3)
|
|
| utopic |
Not vulnerable
(3.1.2-9)
|
|
|
Patches: upstream: https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4 |
||