NULL Pointer Dereference in libarchive Affects Multiple Vendors
CVE-2018-1000879

6.5 MEDIUM

Key Information:

Vendor

Libarchive

CVE Published:
20 December 2018

What is CVE-2018-1000879?

libarchive versions from commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 and later) contain a NULL pointer dereference vulnerability in the ACL parser (archive_acl.c). An attacker who convinces a victim to open a specially crafted archive file can trigger the flaw, potentially leading to application crashes or denial of service (DoS). Users of libarchive should be aware of this vulnerability and take appropriate mitigation measures.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
