CVE-2018-1000879
Published: 20 December 2018
libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.
Priority
CVSS 3 base score: 6.5
Status
Package | Release | Status |
---|---|---|
libarchive Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
cosmic |
Not vulnerable
(code not present)
|
|
precise |
Does not exist
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code not present)
|
|
Patches: upstream: https://github.com/libarchive/libarchive/pull/1105/commits/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175 |