CVE-2018-1000877
Description
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.775
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2019:3092-1(SUSE Linux Enterprise Desktop 12-SP4 ) libarchive-debugsource-3.1.2-26.6.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3092-1(SUSE Linux Enterprise Desktop 12-SP4 ) libarchive13-3.1.2-26.6.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3092-1(SUSE Linux Enterprise Desktop 12-SP4 ) libarchive13-debuginfo-3.1.2-26.6.1.x86_64.rpm | Linux |
| Double Free Vulnerability (CVE-2018-1000877) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234