libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 02:51
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-12-20 17:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-1000878
Mitre link : CVE-2018-1000878
CVE.ORG link : CVE-2018-1000878
JSON object : View
Products Affected
redhat
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_desktop
libarchive
- libarchive
opensuse
- leap
fedoraproject
- fedora
canonical
- ubuntu_linux
debian
- debian_linux
CWE
CWE-416
Use After Free