Lucene search

MitreCVE-2018-12418

HistoryJun 14, 2018 - 4:29 p.m.

CVE-2018-12418

2018-06-1416:29:00

CWE-835

mitre

web.nvd.nist.gov

cve-2018-12418

archive.java

junrar

apache tika

denial of service

vulnerability

rar files

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

27.9%

JSON

Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.

Affected configurations

Nvd

Node

junrar_projectjunrarRange<1.0.1

VendorProductVersionCPE
junrar_projectjunrar*cpe:2.3:a:junrar_project:junrar:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
junrar_project	junrar	*	cpe:2.3:a:junrar_project:junrar::::::::

References

github.com/junrar/junrar/commit/ad8d0ba8e155630da8a1215cee3f253e0af45817

github.com/junrar/junrar/pull/8

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

27.9%

JSON

Related for CVE-2018-12418