PT-2022-6822 · Winrar+4 · Winrar+4

Goodbyeselene

Published

2022-05-15

Updated

2026-01-18

CVE-2023-40477

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 6.23

Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinRAR. User interaction is required to exploit this vulnerability, where the target must visit a malicious page or open a malicious file. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Recommendations Update to WinRAR version 6.23 or later to resolve the issue. As a temporary workaround, consider avoiding the use of recovery volumes in WinRAR until a patch is applied. Additionally, be cautious when opening files from untrusted sources and avoid clicking on suspicious links to minimize the risk of exploitation.

Exploit

Fix

RCE

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

ALT-PU-2022-1866

ALT-PU-2022-1959

ALT-PU-2022-2424

ALT-PU-2025-5948

BDU:2023-04819

CVE-2023-40477

DLA-3542-1

DLA-3543-1

DLA-3653-1

MGASA-2023-0258

OPENSUSE-SU-2023_4415-1

OPENSUSE-SU-2024:13394-1

SUSE-SU-2023:4297-1

SUSE-SU-2023:4415-1

SUSE-SU-2023_4297-1

SUSE-SU-2023_4415-1

USN-6569-1

USN-7349-1

USN-7350-1

ZDI-23-1152

Affected Products

Astra Linux

Linuxmint

Suse

Ubuntu

Winrar

PT-2022-6822 · Winrar+4 · Winrar+4

CVE-2023-40477

Weakness Enumeration

Related Identifiers

Affected Products

References · 132