FKIE_CVE-2007-3644

Vulnerability from fkie_nvd - Published: 2007-07-14 00:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive.
References
secteam@freebsd.orghttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924
secteam@freebsd.orghttp://osvdb.org/38093
secteam@freebsd.orghttp://osvdb.org/38094
secteam@freebsd.orghttp://people.freebsd.org/~kientzle/libarchive/
secteam@freebsd.orghttp://secunia.com/advisories/26050Patch, Vendor Advisory
secteam@freebsd.orghttp://secunia.com/advisories/26062Patch, Vendor Advisory
secteam@freebsd.orghttp://secunia.com/advisories/26355
secteam@freebsd.orghttp://secunia.com/advisories/28377
secteam@freebsd.orghttp://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.ascVendor Advisory
secteam@freebsd.orghttp://security.freebsd.org/patches/SA-07:05/libarchive.patchPatch
secteam@freebsd.orghttp://security.gentoo.org/glsa/glsa-200708-03.xml
secteam@freebsd.orghttp://www.debian.org/security/2008/dsa-1455
secteam@freebsd.orghttp://www.kb.cert.org/vuls/id/970849US Government Resource
secteam@freebsd.orghttp://www.novell.com/linux/security/advisories/2007_15_sr.html
secteam@freebsd.orghttp://www.securityfocus.com/bid/24885Patch
secteam@freebsd.orghttp://www.securitytracker.com/id?1018379
secteam@freebsd.orghttp://www.vupen.com/english/advisories/2007/2521
secteam@freebsd.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/35402
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/38093
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/38094
af854a3a-2127-422b-91ae-364da2661108http://people.freebsd.org/~kientzle/libarchive/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26050Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26062Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26355
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28377
af854a3a-2127-422b-91ae-364da2661108http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.ascVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.freebsd.org/patches/SA-07:05/libarchive.patchPatch
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200708-03.xml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1455
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/970849US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_15_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24885Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018379
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2521
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/35402
Impacted products
Vendor Product Version
freebsd libarchive *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "637AE244-745E-4506-90FA-6092C83CC9BD",
              "versionEndIncluding": "2.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive."
    },
    {
      "lang": "es",
      "value": "archive_read_support_format_tar.c de libarchive versiones anteriores a 2.2.4 permite a atacantes remotos con la complicidad del usuario provocar una denegaci\u00f3n de servicio (bucle infinito) mediante (1) una condici\u00f3n de  final de fichero con una cabecera de extensi\u00f3n pax \u00f3 (2) una una cabecera de extensi\u00f3n pax malformada en un fichero (a) PAX \u00f3 (b) TAR."
    }
  ],
  "id": "CVE-2007-3644",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-07-14T00:30:00.000",
  "references": [
    {
      "source": "secteam@freebsd.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"
    },
    {
      "source": "secteam@freebsd.org",
      "url": "http://osvdb.org/38093"
    },
    {
      "source": "secteam@freebsd.org",
      "url": "http://osvdb.org/38094"
    },
    {
      "source": "secteam@freebsd.org",
      "url": "http://people.freebsd.org/~kientzle/libarchive/"
    },
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26050"
    },
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26062"
    },
    {
      "source": "secteam@freebsd.org",
      "url": "http://secunia.com/advisories/26355"
    },
    {
      "source": "secteam@freebsd.org",
      "url": "http://secunia.com/advisories/28377"
    },
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc"
    },
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Patch"
      ],
      "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch"
    },
    {
      "source": "secteam@freebsd.org",
      "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml"
    },
    {
      "source": "secteam@freebsd.org",
      "url": "http://www.debian.org/security/2008/dsa-1455"
    },
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/970849"
    },
    {
      "source": "secteam@freebsd.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24885"
    },
    {
      "source": "secteam@freebsd.org",
      "url": "http://www.securitytracker.com/id?1018379"
    },
    {
      "source": "secteam@freebsd.org",
      "url": "http://www.vupen.com/english/advisories/2007/2521"
    },
    {
      "source": "secteam@freebsd.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/38093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/38094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://people.freebsd.org/~kientzle/libarchive/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://security.freebsd.org/patches/SA-07:05/libarchive.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200708-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/970849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35402"
    }
  ],
  "sourceIdentifier": "secteam@freebsd.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.