CVE-2007-0855 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Unrar

5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

5.5%

top 9.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rarlab RAR Rarlab Unrar

Timeline

PublishedFeb 8

Latest updateMay 1

Description

Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDrarlab/unrar3.60, 3.61+1

▶Debianrarlab/rar< 1:3.7b1-1+3

Patches

Patch: labs.idefense.com ↗Patch: secunia.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-7ggr-fg9x-qrm2: Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbi↗2022-05-01

▶

CVEList

CVE-2007-0855: Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbi↗2007-02-08

▶

OSV

CVE-2007-0855: Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbi↗2007-02-08

▶

📋Vendor Advisories

Debian

CVE-2007-0855: rar - Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly...↗2007

▶