CVE-2017-14121NULL Pointer Dereference in Unrar

CWE-476NULL Pointer Dereference5 documents5 sources
Severity
5.5MEDIUMNVD
CNA6.5OSV6.5
EPSS
0.2%
top 58.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Rarzilla Unrar-freeDebian LinuxRarlab Unrar
Timeline
PublishedSep 3
Latest updateMay 13

Description

The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debianrarzilla/unrar-free< 1:0.0.1+cvs20140707-4+3
NVDrarlab/unrar0.0.1

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
GHSA
GHSA-r9qm-gm5q-gx7p: The DecodeNumber function in unrarlib2022-05-13
CVEList
CVE-2017-14121: The DecodeNumber function in unrarlib2017-09-03
OSV
CVE-2017-14121: The DecodeNumber function in unrarlib2017-09-03

📋Vendor Advisories

1
Debian
CVE-2017-14121: unrar-free - The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-...2017
CVE-2017-14121 — NULL Pointer Dereference in Unrar | cvebase