Vulnerabilities > CVE-2018-12418 - Infinite Loop vulnerability in Junrar Project Junrar 0.6/0.7/1.0.0

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
junrar-project
CWE-835
NVD
Published: 2018-06-14
Updated: 2019-10-03

Summary

Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.

Vulnerable Configurations

Part Description Count
Application
Junrar_Project
4

Common Weakness Enumeration (CWE)

References