CVE-2019-1000019

Published: 20 Jan 2019
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.

Report

This vulnerability is present in the libarchive package included in Red Hat Virtualization Hypervisor; however, it is never exposed to archives created by attackers or users, so the vulnerability cannot be exploited.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libarchive | Not affected | | |
| Red Hat Virtualization 4 | redhat-virtualization-host | Not affected | | |
| Red Hat Enterprise Linux 7 | libarchive | Fixed | RHSA-2019:2298 | 06.08.2019 |
| Red Hat Enterprise Linux 8 | libarchive | Fixed | RHSA-2019:3698 | 05.11.2019 |


Additional information

Status: Moderate
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1672892 libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service

EPSS

Percentile: 86%
0.0281
Low

6.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 7 years ago

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.

CVSS3: 6.5
nvd
about 7 years ago

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.

CVSS3: 6.5
debian
about 7 years ago

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onw ...

CVSS3: 6.5
github
more than 3 years ago

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.

CVSS3: 6.5
fstec
about 7 years ago

A vulnerability in the libarchive library related to an out-of-bounds read of a memory buffer, allowing an attacker to cause a denial of service
