CVE-2017-20006 — Out-of-bounds Write in Unrar

Severity

7.8HIGHNVD

EPSS

0.4%

top 41.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJul 1

Latest updateMay 24

Description

UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

▶NVDrarlab/unrar5.6.1.2, 5.6.1.3+1

GHSA

GHSA-pwpf-mf84-2wmh: UnRAR 5↗2022-05-24

▶

CVEList

CVE-2017-20006: UnRAR 5↗2021-07-01

▶

OSV

CVE-2017-20006: UnRAR 5↗2021-07-01

▶

Debian

CVE-2017-20006: unrar-nonfree - UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString...↗2017

▶