---

CVE-2018-1000877 - log back

CVE-2018-1000877 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Local
Type	+ Arbitrary code execution
Description	+ A double-free issue has been found in libarchive >= 3.1.0 and <=3.3.3, in the parse_codes() function in archive_read_support_format_rar.c. An attacker can use a specially crafted RAR file to cause a call to realloc with a size of 0, effectively freeing the memory which will be freed again at a later time.
References	+ https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909 + https://github.com/libarchive/libarchive/pull/1105 + https://github.com/libarchive/libarchive/commit/021efa522ad729ff0f5806c4ce53e4a6cc1daa31
Notes