CVE-2018-1000879

Published: 20/12/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

libarchive from commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in the ACL parser (libarchive/archive_acl.c, archive_acl_from_text_l()) that can result in a crash/DoS. The attack appears to be exploitable when the victim opens a specially crafted archive file.

Vulnerable Product

libarchive libarchive

opensuse leap 15.0

fedoraproject fedora 28

fedoraproject fedora 29

fedoraproject fedora 30

Vendor Advisories

Debian Bug report logs - #916963 libarchive: CVE-2018-1000878 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 20 Dec 2018 20:42:02 UTC Severity: grave Tags: security, upstream Found in versions libarchive/32 ...
Debian Bug report logs - #916960 libarchive: CVE-2018-1000880 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 20 Dec 2018 20:27:01 UTC Severity: important Tags: security, upstream Found in versions libarchive ...
Debian Bug report logs - #916962 libarchive: CVE-2018-1000879 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 20 Dec 2018 20:36:02 UTC Severity: important Tags: security, upstream Found in version libarchive/ ...
Debian Bug report logs - #916964 libarchive: CVE-2018-1000877 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 20 Dec 2018 20:48:02 UTC Severity: important Tags: security, upstream Found in versions libarchive ...
A NULL-pointer dereference issue has been found in libarchive >= 3.3.0 and <= 3.3.3, in the archive_acl_from_text_l() function in archive_acl.c. An attacker can use a specially crafted archive file to cause a crash via a malformed ACL ...