PT-2018-3463 · Libarchive+2

Daxtens · Published 2018-12-20 · Updated 2024-06-15 · CVE-2018-1000879

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: libarchive from commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards)
Description: The issue is a NULL pointer dereference in the archive_acl_from_text_l() function of the libarchive library. A remote attacker can exploit it with a specially crafted archive file, potentially leading to a denial of service. Exploitation requires the victim to open the malicious archive.
Recommendations: For libarchive from commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards), consider avoiding the use of the archive_acl_from_text_l() function until a patch is available. As a temporary workaround, restrict access to specially crafted archive files to minimize the risk of exploitation.

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2522
ALT-PU-2019-3125
BDU:2020-01816
CVE-2018-1000879
MGASA-2019-0030
OPENSUSE-SU-2019:1196-1
OPENSUSE-SU-2019_1196-1
OPENSUSE-SU-2024:10925-1
SUSE-SU-2019:0831-1

Affected Products

Alt Linux
Suse
Libarchive