Skip to main content

Linux Enterprise Desktop CVE-2015-8930

HIGH
Improper Input Validation (CWE-20)
2016-09-20 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 20, 2016 - 14:15 cve.org
HIGH 7.5

DescriptionCVE.org

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

AnalysisAI

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-20. bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. Affected products include: Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit, Libarchive, Canonical Ubuntu Linux. Version information: before 3.2.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2014-0569 CRITICAL POC
9.3 Oct 15

Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and bef

CVE-2013-0758 CRITICAL POC
9.3 Jan 13

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb

CVE-2013-0753 CRITICAL POC
9.3 Jan 13

Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox b

CVE-2025-32463 CRITICAL POC
9.3 Jun 30

Sudo before 1.9.17p1 contains a local root escalation vulnerability (CVE-2025-32463, CVSS 9.3) through the --chroot opti

CVE-2013-0757 CRITICAL POC
9.3 Jan 13

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi

CVE-2015-7547 HIGH POC
8.1 Feb 18

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C

CVE-2016-4138 CRITICAL POC
9.8 Jun 16

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsof

CVE-2012-5612 MEDIUM POC
6.5 Dec 03

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly ot

CVE-2014-3470 MEDIUM
4.3 Jun 05

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before

CVE-2014-0221 MEDIUM
4.3 Jun 05

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.

CVE-2016-1285 MEDIUM
6.8 Mar 09

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fe

CVE-2016-4137 HIGH POC
8.8 Jun 16

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsof

Share

CVE-2015-8930 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy