Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-1000879

Опубликовано: 20 дек. 2018
Источник: debian

Описание

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libarchivefixed3.3.3-2package
libarchivenot-affectedstretchpackage
libarchivenot-affectedjessiepackage

Примечания

  • https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909

  • https://github.com/libarchive/libarchive/pull/1105

  • Introduced in: https://github.com/libarchive/libarchive/commit/379867ecb330b3a952fb7bfa7bffb7bbd5547205 (3.3.0)

  • Fixed by: https://github.com/libarchive/libarchive/commit/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175

Связанные уязвимости

ubuntu логотип

CVE-2018-1000879

CVSS3: 6.5
ubuntu
около 7 лет назад

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.

redhat логотип

CVE-2018-1000879

CVSS3: 4.3
redhat
около 7 лет назад

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.

nvd логотип

CVE-2018-1000879

CVSS3: 6.5
nvd
около 7 лет назад

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.

github логотип

GHSA-7pgj-273w-w98j

CVSS3: 6.5
github
больше 3 лет назад

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.

fstec логотип

BDU:2020-01816

CVSS3: 6.5
fstec
около 7 лет назад

Уязвимость функции archive_acl_from_text_lins библиотеки libarchive, позволяющая нарушителю вызвать отказ в обслуживании