CVE-2007-3726
published 2007-07-12


Priority: P4 | 12 | medium | 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 2.13% (79.7th percentile)
Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number.

Affected

7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rar | < rar 1:3.7b1-1 (bookworm) | rar 1:3.7b1-1 (bookworm) |
| debian | unrar-nonfree | < rar 1:3.7b1-1 (bookworm) | rar 1:3.7b1-1 (bookworm) |
| rarlab | rar | >= 0 < 1:3.7b1-1 | 1:3.7b1-1 |
| rarlab | rar | >= 0 < 1:3.7b1-1 | 1:3.7b1-1 |
| rarlab | rar | >= 0 < 1:3.7b1-1 | 1:3.7b1-1 |
| rarlab | rar | >= 0 < 1:3.7b1-1 | 1:3.7b1-1 |
| rarlab | unrar | | |

CVSS provenance

nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P
osv | 4.3 | MEDIUM
vendor_debian | 4.3 | LOW