Dec 16, 2022 - 12:00 a.m.

ROS-20221216-01

2022-12-16 00:00:00
redos.red-soft.ru
vulnerability
libarchive
error checking
calloc
denial of service
remote attack

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.004 Low
Percentile: 74.3%

A vulnerability in the libarchive archiving library is caused by missing error checking after a
call to the calloc function, which can return a NULL pointer if the call fails, resulting in a
NULL pointer dereference. Exploitation of the vulnerability could allow an attacker,
acting remotely, to cause an error and carry out a denial-of-service attack.

OS      Version   Architecture   Package      Version       Filename
redos   7.3       x86_64         libarchive   <= 3.4.3-5    UNKNOWN
