CVE-2018-1000879

Published: Dec 20, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.

Affected (5)

Products: Libarchive: Libarchive · Fedoraproject: Fedora · Opensuse: Leap

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libarchive Libarchive	From 3.3.0 to 3.4.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 28
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30
Opensuse Leap	Version 15.0

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (16)

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/106324

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/libarchive/libarchive/pull/1105

Source: cve@mitre.org

Third Party Advisory

https://github.com/libarchive/libarchive/pull/1105/commits/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/106324

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/libarchive/libarchive/pull/1105

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/libarchive/libarchive/pull/1105/commits/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.