CVE-2019-18408

high

Description

archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689

https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60

https://github.com/libarchive/libarchive/compare/v3.3.3...v3.4.0

https://lists.debian.org/debian-lts-announce/2019/10/msg00034.html

https://seclists.org/bugtraq/2019/Nov/2

https://usn.ubuntu.com/4169-1/

https://www.debian.org/security/2019/dsa-4557

Details

Source: MITRE

Published: 2019-10-24

Updated: 2019-11-01

Type: CWE-416

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

30 total

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 145912 | CentOS 8 : libarchive (CESA-2020:0271) | Nessus | CentOS Local Security Checks | high |
| 143947 | NewStart CGSL CORE 5.05 / MAIN 5.05 : libarchive Vulnerability (NS-SA-2020-0109) | Nessus | NewStart CGSL Local Security Checks | high |
| 135760 | NewStart CGSL CORE 5.04 / MAIN 5.04 : libarchive Vulnerability (NS-SA-2020-0013) | Nessus | NewStart CGSL Local Security Checks | high |
| 135650 | EulerOS Virtualization 3.0.2.2 : libarchive (EulerOS-SA-2020-1488) | Nessus | Huawei Local Security Checks | high |
| 134605 | GLSA-202003-28 : libarchive: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 134515 | EulerOS Virtualization for ARM 64 3.0.2.0 : libarchive (EulerOS-SA-2020-1226) | Nessus | Huawei Local Security Checks | high |
| 133869 | Amazon Linux AMI : libarchive (ALAS-2020-1343) | Nessus | Amazon Linux Local Security Checks | high |
| 133555 | Amazon Linux 2 : libarchive (ALAS-2020-1391) | Nessus | Amazon Linux Local Security Checks | high |
| 133335 | RHEL 8 : libarchive (RHSA-2020:0271) | Nessus | Red Hat Local Security Checks | high |
| 133331 | Oracle Linux 8 : libarchive (ELSA-2020-0271) | Nessus | Oracle Linux Local Security Checks | high |
| 133315 | CentOS 7 : libarchive (CESA-2020:0203) | Nessus | CentOS Local Security Checks | high |
| 133287 | RHEL 8 : libarchive (RHSA-2020:0246) | Nessus | Red Hat Local Security Checks | high |
| 133195 | Scientific Linux Security Update : libarchive on SL7.x x86_64 (20200122) | Nessus | Scientific Linux Local Security Checks | high |
| 133191 | RHEL 7 : libarchive (RHSA-2020:0203) | Nessus | Red Hat Local Security Checks | high |
| 133187 | Oracle Linux 7 : libarchive (ELSA-2020-0203) | Nessus | Oracle Linux Local Security Checks | high |
| 132834 | EulerOS Virtualization for ARM 64 3.0.5.0 : libarchive (EulerOS-SA-2020-1080) | Nessus | Huawei Local Security Checks | high |
| 132606 | EulerOS 2.0 SP8 : libarchive (EulerOS-SA-2020-1013) | Nessus | Huawei Local Security Checks | high |
| 132537 | Photon OS 2.0: Libarchive PHSA-2019-2.0-0189 | Nessus | PhotonOS Local Security Checks | high |
| 132529 | Photon OS 3.0: Libarchive PHSA-2019-3.0-0041 | Nessus | PhotonOS Local Security Checks | high |
| 132522 | Photon OS 1.0: Libarchive PHSA-2019-1.0-0257 | Nessus | PhotonOS Local Security Checks | high |
| 132139 | EulerOS 2.0 SP3 : libarchive (EulerOS-SA-2019-2604) | Nessus | Huawei Local Security Checks | high |
| 131871 | EulerOS 2.0 SP2 : libarchive (EulerOS-SA-2019-2379) | Nessus | Huawei Local Security Checks | high |
| 131807 | EulerOS 2.0 SP5 : libarchive (EulerOS-SA-2019-2533) | Nessus | Huawei Local Security Checks | high |
| 131692 | openSUSE Security Update : libarchive (openSUSE-2019-2632) | Nessus | SuSE Local Security Checks | high |
| 131685 | openSUSE Security Update : libarchive (openSUSE-2019-2615) | Nessus | SuSE Local Security Checks | high |
| 131554 | SUSE SLED15 / SLES15 Security Update : libarchive (SUSE-SU-2019:3093-1) | Nessus | SuSE Local Security Checks | high |
| 131553 | SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2019:3092-1) | Nessus | SuSE Local Security Checks | high |
| 130438 | Debian DSA-4557-1 : libarchive - security update | Nessus | Debian Local Security Checks | high |
| 130394 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : libarchive vulnerability (USN-4169-1) | Nessus | Ubuntu Local Security Checks | high |
| 130284 | Debian DLA-1971-1 : libarchive security update | Nessus | Debian Local Security Checks | high |