PT-2022-16113 · Junrar · Junrar

Han0Nly

Published

2022-02-01

Updated

2022-02-04

CVE-2022-23596

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Junrar versions prior to 7.4.1

Description A carefully crafted RAR archive can trigger an infinite loop while extracting the archive. The impact depends on how the application uses the library and whether files can be provided by malignant users.

Recommendations For versions prior to 7.4.1, upgrade to version 7.4.1 as soon as possible, as there are no known workarounds for this issue.

Exploit

Fix

Infinite Loop

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835CWE-400

Related Identifiers

CVE-2022-23596

GHSA-M6CJ-93V6-CVR5

Affected Products

Junrar

PT-2022-16113 · Junrar · Junrar

CVE-2022-23596

Weakness Enumeration

Related Identifiers

Affected Products

References · 8