Vulnerabilites related to rarlab - unrar
Vulnerability from fkie_nvd
Published
2007-02-08 18:28
Modified
2024-11-21 00:26
Severity ?
Summary
Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:3.60:*:*:*:*:*:*:*", matchCriteriaId: "3186EB26-F36F-4742-8589-695C05E8E928", vulnerable: true, }, { criteria: "cpe:2.3:a:rarlab:unrar:3.61:*:*:*:*:*:*:*", matchCriteriaId: "BCEDC70F-B8AB-4702-AE10-95A1D84A4397", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.", }, { lang: "es", value: "Desbordamiento de búfer basado en pila en RARLabs Unrar, como paquete en WinRAR y posiblemente otros productos, permite a atacantes con la intervención del usuario ejecutar código de su elección a través de archivo manipulado, con protección con contraseña.\r\n", }, ], id: "CVE-2007-0855", lastModified: "2024-11-21T00:26:54.293", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2007-02-08T18:28:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=472", }, { source: "cve@mitre.org", url: "http://osvdb.org/33124", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/24077", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/24165", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200702-04.xml", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://securitytracker.com/id?1017593", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2007_5_sr.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/22447", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2007/0523", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32357", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=472", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/33124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/24077", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/24165", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200702-04.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://securitytracker.com/id?1017593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2007_5_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/22447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/0523", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32357", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-03 20:29
Modified
2024-11-21 03:12
Severity ?
Summary
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/08/20/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://bugs.debian.org/874061 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/08/20/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/874061 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rarlab | unrar | 0.0.1 | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C9375EDD-F652-4A42-AC16-0C28FB47CE96", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.", }, { lang: "es", value: "La función DecodeNumber en unrarlib.c en unrar versión 0.0.1 (también conocido como unrar-free o unrar-gpl) sufre un fallo de desviación de puntero NULL provocado por un archivo RAR manipulado. NOTA: esto puede ser lo mismo que uno de los varios casos de prueba en las referencias de CVE-2017-11189.", }, ], id: "CVE-2017-14121", lastModified: "2024-11-21T03:12:10.880", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-03T20:29:00.317", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.debian.org/874061", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.debian.org/874061", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:33
Severity ?
Summary
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*", matchCriteriaId: "057E9885-5E94-4549-945B-33045A3FAAB8", versionEndExcluding: "6.2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.", }, { lang: "es", value: "UnRAR en las versiones anteriores a la 6.2.3 permite la extracción de archivos fuera de la carpeta de destino mediante cadenas de enlaces simbólicos. ", }, ], id: "CVE-2022-48579", lastModified: "2024-11-21T07:33:32.017", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-07T04:15:12.073", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-01 03:15
Modified
2024-11-21 04:03
Severity ?
Summary
UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/aawc/unrar/releases | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aawc/unrar/releases | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*", matchCriteriaId: "78741EDC-E6B2-4FA5-893D-43CD6C76E76D", versionEndIncluding: "5.7.4", versionStartIncluding: "5.6.1.7", vulnerable: true, }, { criteria: "cpe:2.3:a:rarlab:unrar:6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "2E1C0B37-D131-453F-A116-59B125310549", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.", }, { lang: "es", value: "UnRAR versiones 5.6.1.7 hasta 5.7.4 y versión 6.0.3, presenta una escritura fuera de límites durante un memcpy en la función QuickOpen::ReadRaw cuando se llama desde QuickOpen::ReadNext", }, ], id: "CVE-2018-25018", lastModified: "2024-11-21T04:03:22.003", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-01T03:15:07.513", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/aawc/unrar/releases", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/aawc/unrar/releases", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-08-18 14:29
Modified
2024-11-21 03:10
Severity ?
Summary
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*", matchCriteriaId: "4FBF68E6-20E3-4B2A-A07B-F8E8D3037F82", versionEndIncluding: "5.5.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.", }, { lang: "es", value: "libunrar.a en UnRAR en versiones anteriores a la 5.5.7 tiene un problema de desbordamiento de búfer en la función Unpack::LongLZ.", }, ], id: "CVE-2017-12942", lastModified: "2024-11-21T03:10:28.777", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-18T14:29:00.657", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { source: "cve@mitre.org", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201709-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201709-24", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-08-18 13:29
Modified
2024-11-21 03:10
Severity ?
Summary
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/oss-sec/2017/q3/290 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2017/q3/290 | Exploit, Mailing List, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*", matchCriteriaId: "4FBF68E6-20E3-4B2A-A07B-F8E8D3037F82", versionEndIncluding: "5.5.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.", }, { lang: "es", value: "UnRAR en versiones anteriores a la 5.5.7 permite a los atacantes remotos evitar los mecanismos de protección ante ataques de tipo Directory Traversal mediante vectores incluyendo un symlink al direction \".\", un symlink al directorio \"..\" y un archivo regular.", }, ], id: "CVE-2017-12938", lastModified: "2024-11-21T03:10:28.237", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-18T13:29:00.373", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-01 03:15
Modified
2024-11-21 03:22
Severity ?
Summary
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:5.6.1.2:*:*:*:*:*:*:*", matchCriteriaId: "DF8EE73C-CCEB-44F2-96CE-C8A6133907E6", vulnerable: true, }, { criteria: "cpe:2.3:a:rarlab:unrar:5.6.1.3:*:*:*:*:*:*:*", matchCriteriaId: "8EF9D711-DBB7-4841-B746-C7E3D1BBA7B4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).", }, { lang: "es", value: "UnRAR versiones 5.6.1.2 y 5.6.1.3, presenta un desbordamiento de búfer en la región heap de la memoria en la función Unpack::CopyString (llamado desde Unpack::Unpack5 y CmdExtract::ExtractCurrentFile)", }, ], id: "CVE-2017-20006", lastModified: "2024-11-21T03:22:26.083", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-01T03:15:07.420", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-08-18 14:29
Modified
2024-11-21 03:10
Severity ?
Summary
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*", matchCriteriaId: "4FBF68E6-20E3-4B2A-A07B-F8E8D3037F82", versionEndIncluding: "5.5.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.", }, { lang: "es", value: "libunrar.a en UnRAR en versiones anteriores a la 5.5.7 tiene un problema de lectura fuera de los límites de la memoria en la función Unpack::Unpack20.", }, ], id: "CVE-2017-12941", lastModified: "2024-11-21T03:10:28.640", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-18T14:29:00.547", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { source: "cve@mitre.org", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201709-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201709-24", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-03 20:29
Modified
2024-11-21 03:12
Severity ?
Summary
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/08/20/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://bugs.debian.org/874060 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/08/20/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/874060 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rarlab | unrar | 0.0.1 | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C9375EDD-F652-4A42-AC16-0C28FB47CE96", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.", }, { lang: "es", value: "unrar 0.0.1 (también llamado unrar-free o unrar-gpl) cuenta con una sobrelectura de búfer basada en pila en unrarlib.c, relacionado con ExtrFile y stricomp.", }, ], id: "CVE-2017-14122", lastModified: "2024-11-21T03:12:11.030", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-03T20:29:00.350", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.debian.org/874060", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.debian.org/874060", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-07-12 16:30
Modified
2024-11-21 00:33
Severity ?
Summary
Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:3.70_beta_3:*:*:*:*:*:*:*", matchCriteriaId: "C0D82CC5-F76B-40D3-8375-D9ED524713B8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number.", }, { lang: "es", value: "Error en la presencia de signo en entero en la función SET_VALUE del rarvm.cpp en el unrar 3.70 beta 3, como el utilizado en productos incluyendo el WinRAR y RAR para OS X, permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída) a través de un archivo RAR modificado que provoca que un número con signo negativo sea convertido en un número largo sin signo.", }, ], id: "CVE-2007-3726", lastModified: "2024-11-21T00:33:55.203", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2007-07-12T16:30:00.000", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/39603", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/2880", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/473371/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/473373/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/473376/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/475155/30/5610/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/39603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/2880", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/473371/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/473373/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/473376/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/475155/30/5610/threaded", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-08-18 14:29
Modified
2024-11-21 03:10
Severity ?
Summary
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*", matchCriteriaId: "4FBF68E6-20E3-4B2A-A07B-F8E8D3037F82", versionEndIncluding: "5.5.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.", }, { lang: "es", value: "libunrar.a en UnRAR en versiones anteriores a la 5.5.7 tiene un problema de lectura fuera de los límites de la memoria en la llamada EncodeFileName::Decode en la función Archive::ReadHeader15.", }, ], id: "CVE-2017-12940", lastModified: "2024-11-21T03:10:28.510", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-18T14:29:00.437", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { source: "cve@mitre.org", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201709-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201709-24", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-09 08:15
Modified
2025-03-13 15:35
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rarlab | unrar | * | |
| linux | linux_kernel | - | |
| opengroup | unix | - | |
| debian | debian_linux | 10.0 |
{ cisaActionDue: "2022-08-30", cisaExploitAdd: "2022-08-09", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "RARLAB UnRAR Directory Traversal Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*", matchCriteriaId: "35D143B1-7FE7-4580-886E-4A54F6AB0CD9", versionEndExcluding: "6.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.", }, { lang: "es", value: "RARLAB UnRAR versiones hasta 6.12, en Linux y UNIX permite un salto de directorio para escribir en los archivos durante una operación de extracción (también se conoce como desempaquetado), como es demostrado creando un archivo ~/.ssh/authorized_keys. NOTA: WinRAR y Android RAR no están afectados", }, ], id: "CVE-2022-30333", lastModified: "2025-03-13T15:35:00.390", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-05-09T08:15:06.937", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202309-04", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://www.rarlab.com/rar_add.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202309-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.rarlab.com/rar_add.htm", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-22", }, { lang: "en", value: "CWE-59", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-03 20:29
Modified
2024-11-21 03:12
Severity ?
Summary
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/08/20/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://bugs.debian.org/874059 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/08/20/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/874059 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rarlab | unrar | 0.0.1 | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C9375EDD-F652-4A42-AC16-0C28FB47CE96", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.", }, { lang: "es", value: "unrar 0.0.1 (también llamado unrar-free o unrar-gpl) cuenta con una vulnerabilidad de salto de directorio para archivos RAR v2: los nombres de ruta de tipo ../[nombre de archivo] se descomprimen en el directorio superior.", }, ], id: "CVE-2017-14120", lastModified: "2024-11-21T03:12:10.737", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-03T20:29:00.287", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.debian.org/874059", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.debian.org/874059", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-06-22 13:29
Modified
2024-11-21 01:46
Severity ?
Summary
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sophos | threat_detection_engine | * | |
| rarlab | unrar | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sophos:threat_detection_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "90694400-2314-41E4-BE0B-BD5B845AA324", versionEndIncluding: "3.36.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*", matchCriteriaId: "62C24682-D1EE-4D20-A2F2-73C689FCAA1B", versionEndIncluding: "5.5.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].", }, { lang: "es", value: "Una corrupción de memoria VMSF_DELTA descubierta en unrar versiones anteriores a 5.5.5, utilizada en Sophos Anti-Virus Threat Detection Engine versiones anteriores a 3.37.2 y otros productos, puede permitir la ejecución de código arbitrario. Un desbordamiento de enteros puede producirse en DataSize + CurChannel. El resultado es un valor negativo de la variable \"DestPos\", que permite al atacante escribir fuera de límites al configurar Mem [DestPos].", }, ], id: "CVE-2012-6706", lastModified: "2024-11-21T01:46:43.117", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-06-22T13:29:00.173", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://securitytracker.com/id?1027725", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://telussecuritylabs.com/threats/show/TSL20121207-01", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://community.sophos.com/kb/en-us/118424#six", }, { source: "cve@mitre.org", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10205", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lock.cmpxchg8b.com/sophailv2.pdf", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201708-05", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201709-24", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201804-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://securitytracker.com/id?1027725", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://telussecuritylabs.com/threats/show/TSL20121207-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://community.sophos.com/kb/en-us/118424#six", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10205", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lock.cmpxchg8b.com/sophailv2.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201708-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201709-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201804-16", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2017-14122
Vulnerability from cvelistv5
Published
2017-09-03 20:00
Modified
2024-08-05 19:20
Severity ?
EPSS score ?
Summary
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.debian.org/874060 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2017/08/20/1 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:20:40.905Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.debian.org/874060", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { name: "[debian-lts-announce] 20210218 [SECURITY] [DLA 2567-1] unrar-free security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-09-03T00:00:00", descriptions: [ { lang: "en", value: "unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-19T00:06:07", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.debian.org/874060", }, { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { name: "[debian-lts-announce] 20210218 [SECURITY] [DLA 2567-1] unrar-free security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-14122", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.debian.org/874060", refsource: "MISC", url: "https://bugs.debian.org/874060", }, { name: "http://www.openwall.com/lists/oss-security/2017/08/20/1", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { name: "[debian-lts-announce] 20210218 [SECURITY] [DLA 2567-1] unrar-free security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-14122", datePublished: "2017-09-03T20:00:00", dateReserved: "2017-09-03T00:00:00", dateUpdated: "2024-08-05T19:20:40.905Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-12940
Vulnerability from cvelistv5
Published
2017-08-18 14:00
Modified
2024-08-05 18:51
Severity ?
EPSS score ?
Summary
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2017/q3/290 | x_refsource_MISC | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10241 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201709-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T18:51:07.230Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { name: "GLSA-201709-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201709-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-08-18T00:00:00", descriptions: [ { lang: "en", value: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-15T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { name: "GLSA-201709-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201709-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-12940", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://seclists.org/oss-sec/2017/q3/290", refsource: "MISC", url: "http://seclists.org/oss-sec/2017/q3/290", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { name: "GLSA-201709-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201709-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-12940", datePublished: "2017-08-18T14:00:00", dateReserved: "2017-08-18T00:00:00", dateUpdated: "2024-08-05T18:51:07.230Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-6706
Vulnerability from cvelistv5
Published
2017-06-22 13:00
Modified
2024-08-06 21:36
Severity ?
EPSS score ?
Summary
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1286 | x_refsource_MISC | |
| https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/ | x_refsource_MISC | |
| https://security.gentoo.org/glsa/201709-24 | vendor-advisory, x_refsource_GENTOO | |
| https://community.sophos.com/kb/en-us/118424#six | x_refsource_MISC | |
| https://security.gentoo.org/glsa/201708-05 | vendor-advisory, x_refsource_GENTOO | |
| https://lock.cmpxchg8b.com/sophailv2.pdf | x_refsource_MISC | |
| https://security.gentoo.org/glsa/201804-16 | vendor-advisory, x_refsource_GENTOO | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10205 | x_refsource_CONFIRM | |
| http://telussecuritylabs.com/threats/show/TSL20121207-01 | x_refsource_MISC | |
| http://securitytracker.com/id?1027725 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:36:02.351Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/", }, { name: "GLSA-201709-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201709-24", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://community.sophos.com/kb/en-us/118424#six", }, { name: "GLSA-201708-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201708-05", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lock.cmpxchg8b.com/sophailv2.pdf", }, { name: "GLSA-201804-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201804-16", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10205", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://telussecuritylabs.com/threats/show/TSL20121207-01", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://securitytracker.com/id?1027725", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-06-22T00:00:00", descriptions: [ { lang: "en", value: "A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-21T09:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286", }, { tags: [ "x_refsource_MISC", ], url: "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/", }, { name: "GLSA-201709-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201709-24", }, { tags: [ "x_refsource_MISC", ], url: "https://community.sophos.com/kb/en-us/118424#six", }, { name: "GLSA-201708-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201708-05", }, { tags: [ "x_refsource_MISC", ], url: "https://lock.cmpxchg8b.com/sophailv2.pdf", }, { name: "GLSA-201804-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201804-16", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10205", }, { tags: [ "x_refsource_MISC", ], url: "http://telussecuritylabs.com/threats/show/TSL20121207-01", }, { tags: [ "x_refsource_MISC", ], url: "http://securitytracker.com/id?1027725", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-6706", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286", }, { name: "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/", refsource: "MISC", url: "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/", }, { name: "GLSA-201709-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201709-24", }, { name: "https://community.sophos.com/kb/en-us/118424#six", refsource: "MISC", url: "https://community.sophos.com/kb/en-us/118424#six", }, { name: "GLSA-201708-05", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201708-05", }, { name: "https://lock.cmpxchg8b.com/sophailv2.pdf", refsource: "MISC", url: "https://lock.cmpxchg8b.com/sophailv2.pdf", }, { name: "GLSA-201804-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201804-16", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10205", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10205", }, { name: "http://telussecuritylabs.com/threats/show/TSL20121207-01", refsource: "MISC", url: "http://telussecuritylabs.com/threats/show/TSL20121207-01", }, { name: "http://securitytracker.com/id?1027725", refsource: "MISC", url: "http://securitytracker.com/id?1027725", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-6706", datePublished: "2017-06-22T13:00:00", dateReserved: "2017-06-22T00:00:00", dateUpdated: "2024-08-06T21:36:02.351Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-0855
Vulnerability from cvelistv5
Published
2007-02-08 18:00
Modified
2024-08-07 12:34
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/33124 | vdb-entry, x_refsource_OSVDB | |
| http://www.novell.com/linux/security/advisories/2007_5_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/22447 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2007/0523 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/24165 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32357 | vdb-entry, x_refsource_XF | |
| http://security.gentoo.org/glsa/glsa-200702-04.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/24077 | third-party-advisory, x_refsource_SECUNIA | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=472 | third-party-advisory, x_refsource_IDEFENSE | |
| http://securitytracker.com/id?1017593 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:34:21.123Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "33124", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/33124", }, { name: "SUSE-SR:2007:005", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2007_5_sr.html", }, { name: "22447", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/22447", }, { name: "ADV-2007-0523", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/0523", }, { name: "24165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24165", }, { name: "unrar-password-archive-bo(32357)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32357", }, { name: "GLSA-200702-04", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200702-04.xml", }, { name: "24077", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24077", }, { name: "20070207 RARLabs Unrar Password Prompt Buffer Overflow Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred", ], url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=472", }, { name: "1017593", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017593", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-02-07T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "33124", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/33124", }, { name: "SUSE-SR:2007:005", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2007_5_sr.html", }, { name: "22447", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/22447", }, { name: "ADV-2007-0523", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/0523", }, { name: "24165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24165", }, { name: "unrar-password-archive-bo(32357)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32357", }, { name: "GLSA-200702-04", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200702-04.xml", }, { name: "24077", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24077", }, { name: "20070207 RARLabs Unrar Password Prompt Buffer Overflow Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", ], url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=472", }, { name: "1017593", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017593", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-0855", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "33124", refsource: "OSVDB", url: "http://osvdb.org/33124", }, { name: "SUSE-SR:2007:005", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2007_5_sr.html", }, { name: "22447", refsource: "BID", url: "http://www.securityfocus.com/bid/22447", }, { name: "ADV-2007-0523", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/0523", }, { name: "24165", refsource: "SECUNIA", url: "http://secunia.com/advisories/24165", }, { name: "unrar-password-archive-bo(32357)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32357", }, { name: "GLSA-200702-04", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200702-04.xml", }, { name: "24077", refsource: "SECUNIA", url: "http://secunia.com/advisories/24077", }, { name: "20070207 RARLabs Unrar Password Prompt Buffer Overflow Vulnerability", refsource: "IDEFENSE", url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=472", }, { name: "1017593", refsource: "SECTRACK", url: "http://securitytracker.com/id?1017593", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-0855", datePublished: "2007-02-08T18:00:00", dateReserved: "2007-02-08T00:00:00", dateUpdated: "2024-08-07T12:34:21.123Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-12942
Vulnerability from cvelistv5
Published
2017-08-18 14:00
Modified
2024-08-05 18:51
Severity ?
EPSS score ?
Summary
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2017/q3/290 | x_refsource_MISC | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10241 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201709-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T18:51:07.386Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { name: "GLSA-201709-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201709-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-08-18T00:00:00", descriptions: [ { lang: "en", value: "libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-15T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { name: "GLSA-201709-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201709-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-12942", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://seclists.org/oss-sec/2017/q3/290", refsource: "MISC", url: "http://seclists.org/oss-sec/2017/q3/290", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { name: "GLSA-201709-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201709-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-12942", datePublished: "2017-08-18T14:00:00", dateReserved: "2017-08-18T00:00:00", dateUpdated: "2024-08-05T18:51:07.386Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-12941
Vulnerability from cvelistv5
Published
2017-08-18 14:00
Modified
2024-08-05 18:51
Severity ?
EPSS score ?
Summary
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2017/q3/290 | x_refsource_MISC | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10241 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201709-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T18:51:07.346Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { name: "GLSA-201709-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201709-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-08-18T00:00:00", descriptions: [ { lang: "en", value: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-15T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { name: "GLSA-201709-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201709-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-12941", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://seclists.org/oss-sec/2017/q3/290", refsource: "MISC", url: "http://seclists.org/oss-sec/2017/q3/290", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { name: "GLSA-201709-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201709-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-12941", datePublished: "2017-08-18T14:00:00", dateReserved: "2017-08-18T00:00:00", dateUpdated: "2024-08-05T18:51:07.346Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-14121
Vulnerability from cvelistv5
Published
2017-09-03 20:00
Modified
2024-08-05 19:20
Severity ?
EPSS score ?
Summary
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.debian.org/874061 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2017/08/20/1 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:20:39.917Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.debian.org/874061", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { name: "[debian-lts-announce] 20210218 [SECURITY] [DLA 2567-1] unrar-free security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-09-03T00:00:00", descriptions: [ { lang: "en", value: "The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-30T01:50:49", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.debian.org/874061", }, { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { name: "[debian-lts-announce] 20210218 [SECURITY] [DLA 2567-1] unrar-free security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-14121", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.debian.org/874061", refsource: "MISC", url: "https://bugs.debian.org/874061", }, { name: "http://www.openwall.com/lists/oss-security/2017/08/20/1", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { name: "[debian-lts-announce] 20210218 [SECURITY] [DLA 2567-1] unrar-free security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-14121", datePublished: "2017-09-03T20:00:00", dateReserved: "2017-09-03T00:00:00", dateUpdated: "2024-08-05T19:20:39.917Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-14120
Vulnerability from cvelistv5
Published
2017-09-03 20:00
Modified
2024-08-05 19:20
Severity ?
EPSS score ?
Summary
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.debian.org/874059 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2017/08/20/1 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:20:41.067Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.debian.org/874059", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { name: "[debian-lts-announce] 20210218 [SECURITY] [DLA 2567-1] unrar-free security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-09-03T00:00:00", descriptions: [ { lang: "en", value: "unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-19T00:06:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.debian.org/874059", }, { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { name: "[debian-lts-announce] 20210218 [SECURITY] [DLA 2567-1] unrar-free security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-14120", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.debian.org/874059", refsource: "MISC", url: "https://bugs.debian.org/874059", }, { name: "http://www.openwall.com/lists/oss-security/2017/08/20/1", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2017/08/20/1", }, { name: "[debian-lts-announce] 20210218 [SECURITY] [DLA 2567-1] unrar-free security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-14120", datePublished: "2017-09-03T20:00:00", dateReserved: "2017-09-03T00:00:00", dateUpdated: "2024-08-05T19:20:41.067Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-12938
Vulnerability from cvelistv5
Published
2017-08-18 13:00
Modified
2024-09-16 17:33
Severity ?
EPSS score ?
Summary
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2017/q3/290 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T18:51:07.360Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-18T13:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-12938", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://seclists.org/oss-sec/2017/q3/290", refsource: "MISC", url: "http://seclists.org/oss-sec/2017/q3/290", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-12938", datePublished: "2017-08-18T13:00:00Z", dateReserved: "2017-08-18T00:00:00Z", dateUpdated: "2024-09-16T17:33:46.905Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-3726
Vulnerability from cvelistv5
Published
2007-07-12 16:00
Modified
2024-08-07 14:28
Severity ?
EPSS score ?
Summary
Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/473376/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/475155/30/5610/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/39603 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/473371/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/2880 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/473373/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T14:28:52.242Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20070711 RE: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/473376/100/0/threaded", }, { name: "20070731 FLEA-2007-0037-1 unrar", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/475155/30/5610/threaded", }, { name: "39603", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/39603", }, { name: "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/473371/100/0/threaded", }, { name: "2880", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/2880", }, { name: "20070711 Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/473373/100/0/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-07-11T00:00:00", descriptions: [ { lang: "en", value: "Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-15T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20070711 RE: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/473376/100/0/threaded", }, { name: "20070731 FLEA-2007-0037-1 unrar", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/475155/30/5610/threaded", }, { name: "39603", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/39603", }, { name: "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/473371/100/0/threaded", }, { name: "2880", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/2880", }, { name: "20070711 Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/473373/100/0/threaded", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-3726", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20070711 RE: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/473376/100/0/threaded", }, { name: "20070731 FLEA-2007-0037-1 unrar", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/475155/30/5610/threaded", }, { name: "39603", refsource: "OSVDB", url: "http://osvdb.org/39603", }, { name: "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/473371/100/0/threaded", }, { name: "2880", refsource: "SREASON", url: "http://securityreason.com/securityalert/2880", }, { name: "20070711 Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/473373/100/0/threaded", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-3726", datePublished: "2007-07-12T16:00:00", dateReserved: "2007-07-11T00:00:00", dateUpdated: "2024-08-07T14:28:52.242Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-20006
Vulnerability from cvelistv5
Published
2021-07-01 02:54
Modified
2024-08-05 21:45
Severity ?
EPSS score ?
Summary
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml | x_refsource_MISC | |
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373 | x_refsource_MISC | |
| https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:45:24.540Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-01T02:54:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-20006", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml", refsource: "MISC", url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml", }, { name: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373", refsource: "MISC", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373", }, { name: "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779", refsource: "MISC", url: "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-20006", datePublished: "2021-07-01T02:54:44", dateReserved: "2021-07-01T00:00:00", dateUpdated: "2024-08-05T21:45:24.540Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-48579
Vulnerability from cvelistv5
Published
2023-08-07 00:00
Modified
2024-10-17 13:57
Severity ?
EPSS score ?
Summary
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:17:55.271Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee", }, { name: "[debian-lts-announce] 20230817 [SECURITY] [DLA 3535-1] unrar-nonfree security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-48579", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-17T13:56:53.717564Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-17T13:57:07.973Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-17T18:07:31.128934", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee", }, { name: "[debian-lts-announce] 20230817 [SECURITY] [DLA 3535-1] unrar-nonfree security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-48579", datePublished: "2023-08-07T00:00:00", dateReserved: "2023-08-07T00:00:00", dateUpdated: "2024-10-17T13:57:07.973Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-25018
Vulnerability from cvelistv5
Published
2021-07-01 02:54
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml | x_refsource_MISC | |
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845 | x_refsource_MISC | |
| https://github.com/aawc/unrar/releases | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.592Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/aawc/unrar/releases", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-01T02:54:03", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/aawc/unrar/releases", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-25018", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml", refsource: "MISC", url: "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml", }, { name: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845", refsource: "MISC", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845", }, { name: "https://github.com/aawc/unrar/releases", refsource: "MISC", url: "https://github.com/aawc/unrar/releases", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-25018", datePublished: "2021-07-01T02:54:03", dateReserved: "2021-07-01T00:00:00", dateUpdated: "2024-08-05T12:26:39.592Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30333
Vulnerability from cvelistv5
Published
2022-05-09 00:00
Modified
2025-01-29 16:18
Severity ?
EPSS score ?
Summary
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:48:35.705Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.rarlab.com/rar_add.htm", }, { tags: [ "x_transferred", ], url: "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz", }, { tags: [ "x_transferred", ], url: "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html", }, { name: "[debian-lts-announce] 20230817 [SECURITY] [DLA 3534-1] rar security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html", }, { name: "GLSA-202309-04", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202309-04", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-30333", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T16:18:17.553759Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-08-09", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-30333", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59 Improper Link Resolution Before File Access ('Link Following')", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T16:18:20.605Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-17T06:06:09.291Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.rarlab.com/rar_add.htm", }, { url: "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz", }, { url: "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/", }, { url: "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html", }, { name: "[debian-lts-announce] 20230817 [SECURITY] [DLA 3534-1] rar security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html", }, { name: "GLSA-202309-04", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202309-04", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-30333", datePublished: "2022-05-09T00:00:00.000Z", dateReserved: "2022-05-07T00:00:00.000Z", dateUpdated: "2025-01-29T16:18:20.605Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }