CVE-2018-12418

MEDIUM

Junrar <1.0.1 - DoS

Title source: llm

Description

Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.

Exploits (1)

nomisec STUB

by tafamace · poc

https://github.com/tafamace/CVE-2018-12418

View Code ZIP pw:eip

References (2)

[Patch, Third Party Advisory] https://github.com/junrar/junrar/commit/ad8d0ba8e155630da8a1215cee3f253e0af45817

[Third Party Advisory] https://github.com/junrar/junrar/pull/8

Scores

CVSS v3 5.5

EPSS 0.0041

EPSS Percentile 61.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-835

Status published

Products (2)

com.github.junrar/junrar 0 - 1.0.1Maven

junrar_project/junrar < 1.0.1

Published Jun 14, 2018

Tracked Since Feb 18, 2026