CVE-2018-12418

Published: 14/06/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Archive.java in Junrar prior to 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.

Vulnerable Product

junrar project junrar

Vendor Advisories

Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files ...

Github Repositories

JQF + Zest: Semantic Fuzzing for Java. JQF is a feedback-directed fuzz testing platform for Java (think: AFL/LibFuzzer but for JVM bytecode). JQF uses the abstraction of property-based testing, which makes it nice to write fuzz drivers as parametric JUnit test methods. JQF is built on top of junit-quickcheck. JQF enables running junit-quickcheck style parameterized unit tests

JQF + Zest: Coverage-guided semantic fuzzing for Java.

JQF + Zest: Semantic Fuzzing for Java. JQF is a feedback-directed fuzz testing platform for Java, which uses the abstraction of property-based testing. JQF is built on top of junit-quickcheck: a tool for generating random arguments for parametric JUnit test methods. JQF enables better input generation using coverage-guided fuzzing algorithms such as Zest. Zest is an algorithm th

PoC in GitHub 2020. CVE-2020-0014: It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745

PoC auto collect from GitHub.

PoC in GitHub 2020. CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr