CVE-2018-12418

Опубликовано: 14 июн. 2018

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.

Ссылки

https://github.com/junrar/junrar/commit/ad8d0ba8e155630da8a1215cee3f253e0af45817
Patch
Third Party Advisory
https://github.com/junrar/junrar/pull/8
Third Party Advisory
https://github.com/junrar/junrar/commit/ad8d0ba8e155630da8a1215cee3f253e0af45817
Patch
Third Party Advisory
https://github.com/junrar/junrar/pull/8
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:junrar_project:junrar:*:*:*:*:*:*:*:*

Версия до 1.0.1 (исключая)

EPSS

Процентиль: 61%

0.00414

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-835

Связанные уязвимости