CWE-476: NULL Pointer Dereference Vulnerability in libarchive/archive_acl.c

CWE-476: NULL Pointer Dereference Vulnerability in libarchive/archive_acl.c

CVE-2018-1000879 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.

Learn more about our Web Application Penetration Testing UK.