QwikSec

Security Database

CVE

CWE

Training

CVE-2018-1000877

Published: Dec 20, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_UBUNTU

[debian-lts-announce] 20181221 [SECURITY] [DLA 1612-1] libarchive security update

mailing-list

x_refsource_MLIST

https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1daa31

x_refsource_MISC

https://github.com/libarchive/libarchive/pull/1105

x_refsource_MISC

vdb-entry

x_refsource_BID

FEDORA-2019-0233ec0ff3

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-fbe83d0e32

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-c595a93536

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2019:1196

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2019:2615

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:2632

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2018-1000877 - Security Vulnerability | QwikSec