Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-1000888: Deserialization of Untrusted Data in Archive_Tar

Severity: 8.8 HIGH (NVD)
EPSS: 29.5% (top 3.39%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Dec 28; latest update Jul 7

Description

PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class its

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

Packagist: pear/archive_tar < 1.4.4
CVEList V5: drupal/drupal_core 7.x, 7.62, +2

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 16.04, 18.04, 18.10

Vulnerability Details (5)

GHSA: Archive_Tar contains Potential RCE if filename starts with phar:// (2023-07-07)
OSV: Archive_Tar contains Potential RCE if filename starts with phar:// (2023-07-07)
GHSA: Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data (2019-12-02)
OSV: CVE-2018-1000888: PEAR Archive_Tar version 1 (2018-12-28)
CVEList: CVE-2018-1000888: PEAR Archive_Tar version 1 (2018-12-27)

Exploits & PoCs (1)

Exploit-DB: PEAR Archive_Tar < 1.4.4 - PHP Object Injection (2019-01-10)

Vendor Advisories (4)

Drupal: Drupal core - Critical - Third Party Libraries - SA-CORE-2019-001 (2019-01-16)
Ubuntu: PEAR vulnerability (2019-01-14)
Red Hat: php-pear: Unsafe deserialization of data in Archive_Tar class (2018-12-28)
Debian: CVE-2018-1000888: php-pear - PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerabi... (2018)

Community (3)

Bugzilla: CVE-2018-1000888 php-pear: Unsafe deserialization of data in Archive_Tar class (2019-01-25)
Bugzilla: CVE-2018-1000888 php-pear: Unsafe deserialization of data in Archive_Tar class [fedora-all] (2019-01-25)
Bugzilla: CVE-2019-6338 drupal: Vulnerability in the embedded PEAR Archive_Tar library (2019-01-23)
CVE-2018-1000888 — Deserialization of Untrusted Data | cvebase