CVE-2017-11189 — NULL Pointer Dereference in Unrar-free

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 39.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rarzilla Unrar-free

Timeline

PublishedJul 12

Latest updateMay 13

Description

unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application. NOTE: one of the several test cases in the references may be the same as what was separately reported as CVE-2017-14121.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Debianrarzilla/unrar-free< 1:0.0.1+cvs20140707-4+3

▶NVDrarzilla/unrar-free0.0.1

🔴Vulnerability Details

GHSA

GHSA-p6mg-m475-qfff: unrarlib↗2022-05-13

▶

CVEList

CVE-2017-11189: unrarlib↗2017-07-12

▶

OSV

CVE-2017-11189: unrarlib↗2017-07-12

▶

📋Vendor Advisories

Debian

CVE-2017-11189: unrar-free - unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of...↗2017

▶