CVE-2017-20006

Name of the Vulnerable Software and Affected Versions UnRAR versions 5.6.1.2 through 5.6.1.3

Description The issue is related to a heap-based buffer overflow in the Unpack::CopyString function, which is called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile. This can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations For UnRAR versions 5.6.1.2 and 5.6.1.3, consider disabling the Unpack::CopyString function as a temporary workaround until a patch is available. Restrict access to the UnRAR unpacking functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.