Published: 20/12/2018 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libarchive libarchive
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10
opensuse leap 15.0
fedoraproject fedora 29
fedoraproject fedora 30

Several security issues were fixed in libarchive ...

Multiple security issues were found in libarchive, a multi-format archive and compression library: Processing malformed RAR archives could result in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service For the stable distribution (stretch), these problems have be ...

Debian Bug report logs - #916963 libarchive: CVE-2018-1000878 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 20 Dec 2018 20:42:02 UTC Severity: grave Tags: security, upstream Found in versions libarchive/32 ...

Debian Bug report logs - #916960 libarchive: CVE-2018-1000880 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 20 Dec 2018 20:27:01 UTC Severity: important Tags: security, upstream Found in versions libarchive ...

Debian Bug report logs - #916962 libarchive: CVE-2018-1000879 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 20 Dec 2018 20:36:02 UTC Severity: important Tags: security, upstream Found in version libarchive/ ...

Debian Bug report logs - #916964 libarchive: CVE-2018-1000877 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 20 Dec 2018 20:48:02 UTC Severity: important Tags: security, upstream Found in versions libarchive ...

A resource consumption issue has been found in libarchive >= 320 and <=333, in the _warc_read() function in archive_read_support_format_warmc An attacker can use a specially crafted WARC file to cause quasi-infinite run time and disk usage from a tiny file ...

CWE-119 https://github.com/libarchive/libarchive/pull/1105/commits/9c84b7426660c09c18cc349f6d70b5f8168b5680 https://github.com/libarchive/libarchive/pull/1105 https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909 https://www.debian.org/security/2018/dsa-4360 http://www.securityfocus.com/bid/106324 https://usn.ubuntu.com/3859-1/http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/https://usn.ubuntu.com/3859-1/https://nvd.nist.gov

CVE-2018-1000880

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect