Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1000879

Опубликовано: 20 нояб. 2018
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.

Отчет

This vulnerability is rated as low severity because it results in a denial of service due to a NULL pointer dereference, it can crash the application, it does not affect system security or integrity. This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6 and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libarchiveNot affected
Red Hat Enterprise Linux 7libarchiveNot affected
Red Hat Enterprise Linux 8libarchiveFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1663890libarchive: NULL pointer dereference in ACL parser resulting in a denial of service

EPSS

Процентиль: 77%
0.0105
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-1000879

CVSS3: 6.5
ubuntu
около 7 лет назад

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.

nvd логотип

CVE-2018-1000879

CVSS3: 6.5
nvd
около 7 лет назад

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.

debian логотип

CVE-2018-1000879

CVSS3: 6.5
debian
около 7 лет назад

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onw ...

github логотип

GHSA-7pgj-273w-w98j

CVSS3: 6.5
github
больше 3 лет назад

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.

fstec логотип

BDU:2020-01816

CVSS3: 6.5
fstec
около 7 лет назад

Уязвимость функции archive_acl_from_text_lins библиотеки libarchive, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 77%
0.0105
Низкий

4.3 Medium

CVSS3