F5 Networks BIG-IP : libarchive vulnerability (K35263486)
Medium Nessus Plugin ID 97360
Synopsis: The remote device is missing a vendor-supplied security patch.
Description: The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. (CVE-2016-8688)
Solution: Upgrade to one of the non-vulnerable versions listed in the F5 Solution K35263486.