Denial of Service Vulnerability in RAR File Handling for Apache Tika by Junrar
CVE-2018-12418

5.5MEDIUM

Key Information:

Vendor: Junrar Project
Status: Junrar
Vendor: CVE Published:; 14 June 2018

🔔 Create Junrar Project Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2018-12418?

Archive.java in Junrar prior to version 1.0.1 is susceptible to a denial of service vulnerability due to an infinite loop encountered when processing corrupt RAR files. This flaw can lead to disruptions in service, as applications relying on Junrar to process RAR files may become unresponsive when faced with malformed inputs.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-12418
Created by tafamace

References

https://github.com/junrar/junrar/pull/8

x_refsource_MISC

https://github.com/junrar/junrar/commit/ad8d0ba8e155630da...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
🟡
Public PoC available
Nov 19, 2018
👾
Exploit known to exist
Nov 19, 2018
Vulnerability published
Jun 14, 2018

CVE-2018-12418 Data

JSON