Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-1000020

Опубликовано: 20 янв. 2019
Источник: redhat
CVSS3: 6.5

Описание

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.

Отчет

This vulnerability is present in the libarchive package included in Red Hat Virtualization Hypervisor, however it is never exposed to ISO images created by attackers or users, so the vulnerability can not be exploited.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libarchiveWill not fix
Red Hat Virtualization 4redhat-virtualization-hostNot affected
Red Hat Enterprise Linux 7libarchiveFixedRHSA-2019:229806.08.2019
Red Hat Enterprise Linux 8libarchiveFixedRHSA-2019:369805.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1672888libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting in denial of service

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-1000020

CVSS3: 6.5
ubuntu
около 7 лет назад

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.

nvd логотип

CVE-2019-1000020

CVSS3: 6.5
nvd
около 7 лет назад

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.

debian логотип

CVE-2019-1000020

CVSS3: 6.5
debian
около 7 лет назад

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onw ...

github логотип

GHSA-rv4c-7xgc-3x93

CVSS3: 6.5
github
больше 3 лет назад

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.

fstec логотип

BDU:2020-01818

CVSS3: 6.5
fstec
около 7 лет назад

Уязвимость библиотеки libarchive, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

6.5 Medium

CVSS3