{"vuid":"VU#970849","idnumber":"970849","name":"libarchive does not properly terminate loop","keywords":["libarchive","DoS","denial of service","end-of-file condition","PAX extension header"],"overview":"libarchive contains a vulnerability that may allow an attacker to cause a denial of service.","clean_desc":"The libarchive library provides an interface for reading and writing archive files. There is a vulnerability in libarchive that occurs when it parses the pax interchange format. If an archive prematurely ends within a pax extension, libarchive may enter an infinite loop.","impact":"A remote, unauthenitcated attacker may be able to cause a denial of service condition.","resolution":"Upgrade\nMultiple operating system vendors have released an update to address this issue. Administrators should the systems affected portion of this document for more information.","workarounds":"","sysaffected":"","thanks":"Theanks to CERT-FI and CPNI for information that was used in this report.","author":"This document was written by Ryan Giobbi.","public":["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3644","https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html","http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc","http://people.freebsd.org/~kientzle/libarchive/"],"cveids":["CVE-2007-3644"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-07-20T14:22:28Z","publicdate":"2007-07-12T00:00:00Z","datefirstpublished":"2008-03-20T19:51:18Z","dateupdated":"2008-03-20T20:00:43Z","revision":7,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"1","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"15","cam_impact":"4","cam_easeofexploitation":"10","cam_attackeraccessrequired":"5","cam_scorecurrent":"1.35","cam_scorecurrentwidelyknown":"1.35","cam_scorecurrentwidelyknownexploited":"2.475","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.35,"vulnote":null}