{
  "threat_severity" : "Low",
  "public_date" : "2018-11-20T00:00:00Z",
  "bugzilla" : {
    "description" : "libarchive: NULL pointer dereference in ACL parser resulting in a denial of service",
    "id" : "1663890",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1663890"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-476",
  "details" : [ "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "A vulnerability was found in libarchive, where a NULL pointer dereference in the archive_acl_from_text_l function in libarchive/archive_acl.c can lead to a denial of service, a remote attacker could exploit this flaw by persuading a victim to open a specially crafted file, causing the application to crash." ],
  "statement" : "This vulnerability is rated as low severity because it results in a denial of service due to a NULL pointer dereference, it can crash the application, it does not affect system security or integrity.\nThis issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6 and 7.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libarchive",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libarchive",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "libarchive",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-1000879\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000879" ],
  "name" : "CVE-2018-1000879",
  "csaw" : false
}