Buffer Overflow Vulnerability in UnRAR by RARLAB
CVE-2017-12942

9.8CRITICAL

Key Information:

Vendor
Rarlab
Status
Unrar
Vendor
CVE Published:
18 August 2017

Summary

The library libunrar.a in UnRAR prior to version 5.5.7 contains a buffer overflow issue in the Unpack::LongLZ function. This vulnerability can lead to significant security risks if exploited, potentially allowing an attacker to execute arbitrary code or crash the application. Users running unsupported versions are advised to upgrade to mitigate the risk and ensure the integrity and performance of their systems.

References

http://seclists.org/oss-sec/2017/q3/290
x_refsource_MISC
https://kc.mcafee.com/corporate/index?page=content&id=SB1...
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201709-24
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.