TROYANOSYVIRUS
Volver a CVEs

CVE-2019-1000019

MEDIUM
6.5

Descripcion

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.

Detalles CVE

Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado2/4/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

canonical:ubuntu_linuxdebian:debian_linuxfedoraproject:fedoralibarchive:libarchiveopensuse:leapredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_workstation

Debilidades (CWE)

CWE-125

Referencias

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:2298(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:3698(cve@mitre.org)
https://github.com/libarchive/libarchive/pull/1120(cve@mitre.org)
https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/(cve@mitre.org)
https://usn.ubuntu.com/3884-1/(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2298(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3698(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/libarchive/libarchive/pull/1120(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3884-1/(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.