CVE-2018-25018Out-of-bounds Write in Unrar

CWE-787Out-of-bounds WriteCWE-863Incorrect Authorization6 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 38.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Rarlab Unrar
Timeline
PublishedJul 1
Latest updateMay 24

Description

UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDrarlab/unrar5.6.1.75.7.4+1

Patches

Patch: bugs.chromium.orgPatch: bugs.chromium.org

🔴Vulnerability Details

3
GHSA
GHSA-64hf-v92v-mrg5: UnRAR 52022-05-24
CVEList
CVE-2018-25018: UnRAR 52021-07-01
OSV
CVE-2018-25018: UnRAR 52021-07-01

📋Vendor Advisories

2
Red Hat
krb5-appl: Improper directory name validation allows malicious server to bypass access restrictions2021-02-02
Debian
CVE-2018-25018: unrar-nonfree - UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy...2018
CVE-2018-25018 — Out-of-bounds Write in Rarlab Unrar | cvebase