exploitDog

CVE-2018-1000878

Published: 20 Nov 2018
Source: redhat
CVSS3: 7
EPSS: Low

Description

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appears to be exploitable when the victim opens a specially crafted RAR archive.

Report

This issue affects the versions of libarchive as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libarchive | Not affected | | |
| Red Hat Enterprise Linux 7 | libarchive | Fixed | RHSA-2019:2298 | 06.08.2019 |
| Red Hat Enterprise Linux 8 | libarchive | Fixed | RHSA-2019:3698 | 05.11.2019 |

Additional information

Status: Moderate
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1663889 libarchive: Use after free in RAR decoder resulting in a denial of service

EPSS

Percentile: 82%
0.0171
Low

CVSS3: 7 High

Related vulnerabilities

CVSS3: 8.8
ubuntu
about 7 years ago

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appears to be exploitable when the victim opens a specially crafted RAR archive.

CVSS3: 8.8
nvd
about 7 years ago

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appears to be exploitable when the victim opens a specially crafted RAR archive.

CVSS3: 8.8
debian
about 7 years ago

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onw ...

CVSS3: 8.8
github
more than 3 years ago

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appears to be exploitable when the victim opens a specially crafted RAR archive.

CVSS3: 8.8
fstec
about 7 years ago

Vulnerability in the Libarchive archive-handling library, related to use of memory after free, allowing an attacker to cause a denial of service