
CVE-2019-18408

Published: 24/10/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive prior to 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.

Vulnerable Product

libarchive libarchive

debian debian linux 8.0

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 14.04

Vendor Advisories

libarchive could be made to execute arbitrary code if it received a specially crafted archive file ...
A use-after-free was found in libarchive, a multi-format archive and compression library, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed. For the oldstable distribution (stretch), this problem has been fixed in version 322-2+deb9u2. For the stable distribution (buster), ...
Synopsis: Important: libarchive security update. Type/Severity: Security Advisory: Important. Topic: An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Important: libarchive security update. Type/Severity: Security Advisory: Important. Topic: An update for libarchive is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Important: libarchive security update. Type/Severity: Security Advisory: Important. Topic: An update for libarchive is now available for Red Hat Enterprise Linux 80 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis: Moderate: Red Hat CodeReady Workspaces 210 release. Type/Severity: Security Advisory: Moderate. Topic: Red Hat CodeReady Workspaces 210 has been released. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Moderate: OpenShift Container Platform 461 image security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenShift Container Platform 46. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol (CVE-2019-18408) ...