mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
96 lines
3.3 KiB
JSON
96 lines
3.3 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "kurt@seifried.org",
|
|
"DATE_ASSIGNED" : "2018-12-19T20:52:45.246062",
|
|
"DATE_REQUESTED" : "2018-12-13T08:59:54",
|
|
"ID" : "CVE-2018-1000877",
|
|
"REQUESTER" : "dja@axtens.net",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "libarchive",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards)"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "libarchive"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "CWE-415: Double Free"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "[debian-lts-announce] 20181221 [SECURITY] [DLA 1612-1] libarchive security update",
|
|
"refsource" : "MLIST",
|
|
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html"
|
|
},
|
|
{
|
|
"name" : "https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909",
|
|
"refsource" : "MISC",
|
|
"url" : "https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909"
|
|
},
|
|
{
|
|
"name" : "https://github.com/libarchive/libarchive/pull/1105",
|
|
"refsource" : "MISC",
|
|
"url" : "https://github.com/libarchive/libarchive/pull/1105"
|
|
},
|
|
{
|
|
"name" : "https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1daa31",
|
|
"refsource" : "MISC",
|
|
"url" : "https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1daa31"
|
|
},
|
|
{
|
|
"name" : "DSA-4360",
|
|
"refsource" : "DEBIAN",
|
|
"url" : "https://www.debian.org/security/2018/dsa-4360"
|
|
},
|
|
{
|
|
"name" : "USN-3859-1",
|
|
"refsource" : "UBUNTU",
|
|
"url" : "https://usn.ubuntu.com/3859-1/"
|
|
},
|
|
{
|
|
"name" : "106324",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/106324"
|
|
}
|
|
]
|
|
}
|
|
}
|