{"id":"CVE-2016-8688","details":"The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.","modified":"2026-02-21T00:36:54.503612Z","published":"2017-02-15T19:59:00.643Z","related":["SUSE-SU-2016:2911-1","openSUSE-SU-2024:10127-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/10/16/11"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/93781"},{"type":"ADVISORY","url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-bid_entry-archive_read_support_format_mtree-c/"},{"type":"ADVISORY","url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c/"},{"type":"ADVISORY","url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/"},{"type":"ADVISORY","url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-bid_entry-archive_read_support_format_mtree-c/"},{"type":"ADVISORY","url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-detect_form-archive_read_support_format_mtree-c/"},{"type":"ADVISORY","url":"https://github.com/libarchive/libarchive/commit/eec077f52bfa2d3f7103b4b74d52572ba8a15aca"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-03"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377923"},{"type":"REPORT","url":"https://github.com/libarchive/libarchive/commit/eec077f52bfa2d3f7103b4b74d52572ba8a15aca"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/10/16/11"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-bid_entry-archive_read_support_format_mtree-c/"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c/"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-bid_entry-archive_read_support_format_mtree-c/"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-detect_form-archive_read_support_format_mtree-c/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377923"},{"type":"FIX","url":"https://github.com/libarchive/libarchive/commit/eec077f52bfa2d3f7103b4b74d52572ba8a15aca"},{"type":"FIX","url":"https://security.gentoo.org/glsa/201701-03"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2016/10/16/11"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libarchive/libarchive","events":[{"introduced":"0"},{"fixed":"eec077f52bfa2d3f7103b4b74d52572ba8a15aca"}]}],"versions":["v2.6.0","v2.6.1","v2.6.2","v2.7.0","v2.7.1","v2.8.0","v2.8.1","v2.8.2","v2.8.3","v2.8.4","v2.8.5","v3.0.0a","v3.0.1b","v3.0.2","v3.0.3","v3.0.4","v3.1.0","v3.1.1","v3.1.2","v3.1.900a","v3.1.901a","v3.2.0","v3.2.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8688.json","vanir_signatures":[{"signature_type":"Function","source":"https://github.com/libarchive/libarchive/commit/eec077f52bfa2d3f7103b4b74d52572ba8a15aca","id":"CVE-2016-8688-32674c9e","digest":{"length":769,"function_hash":"223740311993473210139103012324376062846"},"signature_version":"v1","deprecated":false,"target":{"file":"libarchive/archive_read_support_format_mtree.c","function":"next_line"}},{"signature_type":"Line","source":"https://github.com/libarchive/libarchive/commit/eec077f52bfa2d3f7103b4b74d52572ba8a15aca","id":"CVE-2016-8688-b0001ac3","digest":{"line_hashes":["49533266774681543131039842645057671075","321939831539605999812602556020703905102","86327894471780845113511688328954627230","195140934946345616962134847248004045130","216781037651015841101945166112837526521","108166397868030482561271342092105106413","188419350599359671913867752680796738459"],"threshold":0.9},"signature_version":"v1","deprecated":false,"target":{"file":"libarchive/archive_read_support_format_mtree.c"}}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}