CVE-2019-1000020

Description

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.

Severity

Medium

See what this means

CVSS v3 Base Score

6.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	libarchive	2019-10-08 21:22	ALAS-2019-1308
Amazon Linux 2 - Core	libarchive	2019-10-21 18:01	ALAS2-2019-1325

Platform

Package

Release Date

Advisory

Amazon Linux 1

libarchive

2019-10-08 21:22

ALAS-2019-1308

Amazon Linux 2 - Core

libarchive

2019-10-21 18:01

ALAS2-2019-1325

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	6.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
NVD	CVSSv3	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
NVD	CVSSv2	4.3	AV:N/AC:M/Au:N/C:N/I:N/A:P

Score Type

Score

Vector

Amazon Linux

CVSSv3

6.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

NVD

CVSSv3

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

NVD