PT-2017-2760 · Rarlab+2 · Unrar+2

Jakub Wilk

Published

2017-08-15

Updated

2021-08-25

CVE-2017-12942

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions UnRAR versions prior to 5.5.7

Description The issue is caused by a buffer overflow in the Unpack::LongLZ function of the libunrar.a library in UnRAR. This can allow a remote attacker to cause the application to crash.

Recommendations For versions prior to 5.5.7, update to version 5.5.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Unpack::LongLZ function until a patch is available.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2017-2147

BDU:2017-02009

CVE-2017-12942

MGASA-2017-0302

MGASA-2017-0304

SUSE-SU-2018:0862-1

SUSE-SU-2021:2834-1

Affected Products

Alt Linux

Suse

Unrar

PT-2017-2760 · Rarlab+2 · Unrar+2

CVE-2017-12942

Weakness Enumeration

Related Identifiers

Affected Products

References · 37