CVE-2018-20253Out-of-bounds Write in Winrar

CWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.7%
top 27.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Rarlab WinrarCheck Point Software Technologies LTD Winrar
Timeline
PublishedFeb 13
Latest updateMay 13

Description

In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDrarlab/winrar5.60
CVEListV5check_point_software_technologies_ltd/winrarAll versions prior and including 5.60

🔴Vulnerability Details

2
GHSA
GHSA-rc2h-948p-g7mf: In WinRAR versions prior to and including 52022-05-13
CVEList
CVE-2018-20253: In WinRAR versions prior to and including 52019-02-13
CVE-2018-20253 — Out-of-bounds Write in Rarlab Winrar | cvebase