CVE Vulnerabilities

CVE-2016-7166

Published: Sep 21, 2016 | Modified: Dec 27, 2019
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

Affected Software

Name Vendor Start Version End Version
Enterprise_linux_desktop Redhat 7.0 7.0
Enterprise_linux_server_aus Redhat 7.2 7.2
Enterprise_linux_workstation Redhat 7.0 7.0
Enterprise_linux_server Redhat 7.0 7.0
Enterprise_linux_hpc_node Redhat 7.0 7.0
Enterprise_linux_server_eus Redhat 7.2 7.2
Enterprise_linux_hpc_node_eus Redhat 7.2 7.2

References