CVE-2006-5680
EPSS 0.79%
Description
The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data.
How to fix CVE-2006-5680
To remediate CVE-2006-5680, upgrade the affected package to a fixed version below.
- Debian/libarchive: upgrade to 1.3.1-1 or later
Is CVE-2006-5680 being exploited?
Low: EPSS is 0.8%, a low estimated probability of exploitation, and exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/libarchive: from 0, < 1.3.1-1