Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-1000880

Опубликовано: 20 дек. 2018
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.5

Описание

libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.

РелизСтатусПримечание
bionic

released

3.2.2-3.1ubuntu0.2
cosmic

released

3.2.2-5ubuntu0.1
devel

released

3.3.3-2
esm-infra-legacy/trusty

not-affected

code not-present
esm-infra/bionic

released

3.2.2-3.1ubuntu0.2
esm-infra/xenial

not-affected

code not present
precise/esm

DNE

trusty

not-affected

code not-present
trusty/esm

not-affected

code not-present
upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 68%
0.00585
Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-1000880

CVSS3: 4.3
redhat
около 7 лет назад

libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.

nvd логотип

CVE-2018-1000880

CVSS3: 6.5
nvd
около 7 лет назад

libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.

debian логотип

CVE-2018-1000880

CVSS3: 6.5
debian
около 7 лет назад

libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onw ...

github логотип

GHSA-vg7w-5p64-2q65

CVSS3: 6.5
github
больше 3 лет назад

libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.

fstec логотип

BDU:2019-00927

CVSS3: 6.5
fstec
больше 7 лет назад

Уязвимость функции _warc_read библиотеки libarchive, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 68%
0.00585
Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3