First published: Tue Sep 20 2016(Updated: )
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/libarchive | 3.4.3-2+deb11u1 3.6.2-1+deb12u1 3.7.4-1 | |
libarchive | <=3.1.901a | |
SUSE Linux Enterprise Desktop with Beagle | =12-sp1 | |
SUSE Linux Enterprise Server | =12-sp1 | |
SUSE Linux Enterprise Software Development Kit | =12-sp1 | |
Ubuntu | =12.04 | |
Ubuntu | =14.04 | |
Ubuntu | =15.10 | |
Ubuntu | =16.04 | |
Debian | =7.0 | |
Debian | =8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-8931 is considered a critical vulnerability due to its potential to trigger undefined behavior in applications using the affected versions of libarchive.
To fix CVE-2015-8931, upgrade libarchive to version 3.2.0 or later, specifically to versions 3.4.3-2+deb11u1, 3.6.2-1+deb12u1, or 3.7.4-1.
CVE-2015-8931 is an integer overflow vulnerability found in the get_time_t_max and get_time_t_min functions of libarchive.
Libarchive versions prior to 3.2.0, including distributions such as various versions of Debian and Ubuntu, are affected by CVE-2015-8931.
Yes, CVE-2015-8931 can be exploited remotely through a crafted mtree file, allowing attackers to potentially execute arbitrary code.