Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3912 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Winrar

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents4 sources
Severity
2.1LOWNVD
EPSS
0.9%
top 24.09%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Rarlab Winrar
Timeline
PublishedJul 28
Latest updateMay 1

Description

Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

â–¶NVDrarlab/winrar3.60_beta8

🔴Vulnerability Details

2
GHSA
GHSA-rj85-5799-v7f2: Stack-based buffer overflow in the SFX module in WinRAR before 3↗2022-05-01
â–¶
CVEList
CVE-2006-3912: Stack-based buffer overflow in the SFX module in WinRAR before 3↗2006-07-28
â–¶

💥Exploits & PoCs

3
Exploit-DB
WinRAR 3.60 Beta 6 (French) - SFX Path Local Stack Overflow↗2006-07-07
â–¶
Exploit-DB
WinRAR 3.60 Beta 6 - SFX Path Local Stack Overflow↗2006-07-05
â–¶
Exploit-DB
WinRAR 3.60 Beta 6 - SFX Path Stack Overflow↗2006-07-05
â–¶
CVE-2006-3912 — Rarlab Winrar vulnerability | cvebase