{
  "threat_severity" : "Low",
  "public_date" : "2016-06-17T00:00:00Z",
  "bugzilla" : {
    "description" : "libarchive: Undefined behavior / invalid shiftleft in TAR parser",
    "id" : "1348780",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1348780"
  },
  "cvss" : {
    "cvss_base_score" : "3.5",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:S/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-682",
  "details" : [ "The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.", "Undefined behavior (invalid left shift) was discovered in libarchive, in how Compress streams are identified.  This could cause certain files to be mistakenly identified as Compress archives and fail to read." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-09-12T00:00:00Z",
    "advisory" : "RHSA-2016:1850",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "libarchive-0:2.8.3-7.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-09-12T00:00:00Z",
    "advisory" : "RHSA-2016:1844",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libarchive-0:3.1.2-10.el7_2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-8932\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8932" ],
  "name" : "CVE-2015-8932",
  "csaw" : false
}