libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libarchive libarchive |
||
opensuse leap 15.0 |
||
fedoraproject fedora 28 |
||
fedoraproject fedora 29 |
||
fedoraproject fedora 30 |