CVE-2017-11125NULL Pointer Dereference in Project XAR

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 40.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
XAR Project XAR
Timeline
PublishedJul 10
Latest updateMay 13

Description

libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

Debianxar_project/xar< 1.8.0.498-1+1
NVDxar_project/xar1.6.1

🔴Vulnerability Details

3
GHSA
GHSA-hp8r-5243-x9f3: libxar2022-05-13
CVEList
CVE-2017-11125: libxar2017-07-10
OSV
CVE-2017-11125: libxar2017-07-10

📋Vendor Advisories

1
Debian
CVE-2017-11125: xar - libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path functi...2017

💬Community

2
Bugzilla
CVE-2017-11124 CVE-2017-11125 xar: Multiple vulnerabilities [fedora-all]2017-07-12
Bugzilla
CVE-2017-11125 CVE-2017-11124 xar: Multiple vulnerabilities2017-07-12
CVE-2017-11125 — NULL Pointer Dereference | cvebase