
CVE-2019-1000020

Published: 04/02/2019 | Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

libarchive from commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge(), that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.

Vulnerable Product

libarchive libarchive

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

debian debian linux 8.0

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

opensuse leap 15.0

fedoraproject fedora 29

Vendor Advisories

Several security issues were fixed in libarchive ...
Synopsis: Moderate: libarchive security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base sco ...
Synopsis: Moderate: libarchive security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for libarchive is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CV ...
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (CVE-2017-14503) libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability ...
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (CVE-2017-14503) libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415 Double Free vulnerability i ...
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploita ...
libarchive version >=v2.8.0 contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file ...