PT-2018-3463 · Libarchive+2

Daxtens · Published 2018-12-20 · Updated 2024-06-15 · CVE-2018-1000879

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: libarchive versions commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards)
Description: The issue is related to a NULL pointer dereference in the archive_acl_from_text_l() function of the libarchive library. This can be exploited by a remote attacker using a specially crafted archive file, potentially leading to a denial of service. The exploitation requires the victim to open the malicious archive.
Recommendations: For libarchive versions commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards), consider avoiding the use of the archive_acl_from_text_l() function until a patch is available. As a temporary workaround, restrict access to specially crafted archive files to minimize the risk of exploitation.

Fix

DoS

NULL Pointer Dereference


Weakness Enumeration

Related identifiers

ALT-PU-2019-2522
ALT-PU-2019-3125
BDU:2020-01816
CVE-2018-1000879
MGASA-2019-0030
OPENSUSE-SU-2019:1196-1
OPENSUSE-SU-2019_1196-1
OPENSUSE-SU-2024:10925-1
SUSE-SU-2019:0831-1

Affected products

Alt Linux
Suse
Libarchive