PT-2018-3778 · Rarlab · Unrar
Publicado
2018-08-12
·
Atualizado
2021-07-07
·
CVE-2018-25018
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
UnRAR versions 5.6.1.7 through 5.7.4
UnRAR version 6.0.3
Description
The issue is related to an out-of-bounds write during a memcpy in
QuickOpen::ReadRaw when called from QuickOpen::ReadNext. This can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.Recommendations
For UnRAR versions 5.6.1.7 through 5.7.4, consider updating to a version that fixes the out-of-bounds write issue in
QuickOpen::ReadRaw.
For UnRAR version 6.0.3, consider updating to a version that fixes the out-of-bounds write issue in QuickOpen::ReadRaw.
As a temporary workaround, consider disabling the QuickOpen::ReadRaw function until a patch is available.Exploit
Correção
Memory Corruption
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Unrar