Vulnerability Details : CVE-2019-18408
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
Vulnerability category: Memory Corruption
Products affected by CVE-2019-18408
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-18408
1.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-18408
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2019-18408
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-18408
-
https://usn.ubuntu.com/4169-1/
USN-4169-1: libarchive vulnerability | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html
[security-announce] openSUSE-SU-2019:2632-1: moderate: Security update f
-
https://www.debian.org/security/2019/dsa-4557
Debian -- Security Information -- DSA-4557-1 libarchive
-
https://security.gentoo.org/glsa/202003-28
libarchive: Multiple vulnerabilities (GLSA 202003-28) — Gentoo security
-
https://access.redhat.com/errata/RHSA-2020:0203
RHSA-2020:0203 - Security Advisory - Red Hat Customer Portal
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LZ4VJGTCYEJSDLOEWUUFG6TM4SUPFSY/
[SECURITY] Fedora 30 Update: libarchive-3.3.3-7.fc30 - package-announce - Fedora Mailing-Lists
-
https://lists.debian.org/debian-lts-announce/2019/10/msg00034.html
[SECURITY] [DLA 1971-1] libarchive security updateMailing List;Third Party Advisory
-
https://support.f5.com/csp/article/K52144175?utm_source=f5support&utm_medium=RSS
-
https://access.redhat.com/errata/RHSA-2020:0271
RHSA-2020:0271 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html
[security-announce] openSUSE-SU-2019:2615-1: moderate: Security update f
-
https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60
RAR reader: fix use after free · libarchive/libarchive@b8592ec · GitHubPatch;Third Party Advisory
-
https://github.com/libarchive/libarchive/compare/v3.3.3...v3.4.0
Comparing v3.3.3...v3.4.0 · libarchive/libarchive · GitHubRelease Notes;Third Party Advisory
-
https://seclists.org/bugtraq/2019/Nov/2
Bugtraq: [SECURITY] [DSA 4557-1] libarchive security update
-
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689
14689 - libarchive/libarchive_fuzzer: Heap-use-after-free in Ppmd7_DecodeSymbol - oss-fuzz - OSS-Fuzz: Fuzzing the planet - MonorailThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2020:0246
RHSA-2020:0246 - Security Advisory - Red Hat Customer Portal
Jump to