RARLAB WinRAR Vulnerability Allows Spoofing and Denial of Service on Linux and UNIX Platforms
CVE-2024-33899

7.1HIGH

Key Information:

Vendor: RARLAB
Status: Winrar
Vendor: CVE Published:; 29 April 2024

What is CVE-2024-33899?

RARLAB WinRAR, prior to version 7.00, is susceptible to security vulnerabilities on Linux and UNIX operating systems. Attackers may exploit ANSI escape sequences to manipulate the screen output, potentially leading to misleading information being displayed to users. Additionally, this vulnerability can be leveraged to induce a denial of service, causing disruptions to normal operations. Users are strongly advised to update to the latest version of WinRAR to mitigate these risks.

References

https://www.rarlab.com/rarnew.htm

https://sdushantha.medium.com/ansi-escape-injection-vulne...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2024

CVE-2024-33899 Data

JSON