Bug 1629650 (CVE-2018-17093, CVE-2018-17094) - CVE-2018-17093 CVE-2018-17094 xar: Two NULL pointer dereference issues
Summary: CVE-2018-17093 CVE-2018-17094 xar: Two NULL pointer dereference issues
Keywords:
Status: CLOSED RAWHIDE
Alias: CVE-2018-17093, CVE-2018-17094
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Mosaab Alzoubi
QA Contact:
URL:
Whiteboard:
Depends On: 1629651
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-09-17 09:08 UTC by Andrej Nemec
Modified: 2020-01-25 02:47 UTC (History)
2 users (show)

Fixed In Version: xar-1.8.0.417.1-1
Clone Of:
Environment:
Last Closed: 2020-01-25 02:09:33 UTC
Embargoed:

Attachments (Terms of Use)

Description Andrej Nemec 2018-09-17 09:08:08 UTC 
CVE-2018-17093

An issue has been discovered in mackyle xar 1.6.1. There is a NULL pointer dereference in xar_get_path in lib/util.c.

https://github.com/mackyle/xar/issues/19

CVE-2018-17094

An issue has been discovered in mackyle xar 1.6.1. There is a NULL pointer dereference in xar_unserialize in lib/archive.c.

https://github.com/mackyle/xar/issues/20
Comment 1 Andrej Nemec 2018-09-17 09:09:04 UTC 
Created xar tracking bugs for this issue:

Affects: fedora-all [bug 1629651]
Comment 2 Product Security DevOps Team 2019-06-10 10:37:55 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Comment 3 Product Security DevOps Team 2020-01-25 02:09:33 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Comment 4 Mosaab Alzoubi 2020-01-25 02:47:24 UTC 
Fixed in xar-1.8.0.417.1-1
Note You need to log in before you can comment on or make changes to this bug.