« List of all CVEs

CVE-2018-1000878

Published: 12/20/2018 Last updated: 8/5/2024 Reserved: 12/13/2018

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-cpio

Products affected (1)

Product Vendor Version
n/a n/a < 10.0.20348.643

References (30)