CVE-2018-12418

MEDIUM

junrar < 1.0.1 - Denial of Service via Corrupt RAR File Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-12418. PoCs published by tafamace.

AI-analyzed exploit summary The provided code is a simple Java stub that prints command-line arguments and does not demonstrate any exploit functionality related to CVE-2018-12418. It lacks offensive techniques or vulnerability-specific logic.

Description

Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.

Exploits (1)

nomisec STUB

by tafamace · poc

https://github.com/tafamace/CVE-2018-12418

View Code ZIP pw:eip

The provided code is a simple Java stub that prints command-line arguments and does not demonstrate any exploit functionality related to CVE-2018-12418. It lacks offensive techniques or vulnerability-specific logic.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory x_refsource_misc

https://github.com/junrar/junrar/pull/8

Patch, Third Party Advisory x_refsource_misc

https://github.com/junrar/junrar/commit/ad8d0ba8e155630da8a1215cee3f253e0af45817

View Patch ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0041

EPSS Percentile 62.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-835

Status published

Products (2)

com.github.junrar/junrar 0 - 1.0.1Maven

junrar_project/junrar < 1.0.1

Published Jun 14, 2018

Tracked Since Feb 18, 2026