CVE-2018-1000879

medium

Description

libarchive from commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in the ACL parser (libarchive/archive_acl.c, archive_acl_from_text_l()) that can result in a crash/DoS. The attack appears to be exploitable when the victim opens a specially crafted archive file.

References

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html

http://www.securityfocus.com/bid/106324

https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909

https://github.com/libarchive/libarchive/pull/1105

https://github.com/libarchive/libarchive/pull/1105/commits/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175

https://lists.fedoraproject.org/archives/list/[email protected]/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/

https://lists.fedoraproject.org/archives/list/[email protected]/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/

Details

Source: MITRE

Published: 2018-12-20

Updated: 2019-11-06

Type: CWE-476

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
126114 | Photon OS 3.0: Libarchive PHSA-2019-3.0-0015 | Nessus | PhotonOS Local Security Checks | high
124863 | Photon OS 1.0: Libarchive PHSA-2019-1.0-0227 | Nessus | PhotonOS Local Security Checks | high
124557 | Fedora 30 : libarchive (2019-fbe83d0e32) | Nessus | Fedora Local Security Checks | high
124051 | openSUSE Security Update : libarchive (openSUSE-2019-1196) | Nessus | SuSE Local Security Checks | high
123766 | Fedora 28 : libarchive (2019-c595a93536) | Nessus | Fedora Local Security Checks | high
123636 | SUSE SLED15 / SLES15 Security Update : libarchive (SUSE-SU-2019:0831-1) | Nessus | SuSE Local Security Checks | high
123098 | Fedora 29 : libarchive (2019-0233ec0ff3) | Nessus | Fedora Local Security Checks | high