Improper Input Validation in WARC Parser Affects libarchive by Libarchive
CVE-2018-1000880

6.5MEDIUM

Key Information:

Vendor

Libarchive

Status
Libarchive
Vendor
CVE Published:
20 December 2018

What is CVE-2018-1000880?

libarchive versions from v3.2.0 onwards contain an improper input validation vulnerability in the WARC parser, specifically in the archive_read_support_format_warc.c file. This flaw can trigger a denial of service (DoS) due to excessively high runtime and disk usage when processing specially crafted WARC files. An attacker can exploit this vulnerability by persuading a victim to open a malicious WARC file.

References

https://usn.ubuntu.com/3859-1/
vendor-advisoryx_refsource_UBUNTU
https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug...
x_refsource_MISC
https://www.debian.org/security/2018/dsa-4360
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.