⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2023-09-14.

CVE-2023-38831: Insufficient Verification of Data Authenticity in WinRAR

Severity: 7.8 HIGH (NVD)
EPSS: 93.9% (top 0.13%)
CISA KEV: KEV, Ransomware; added 2023-08-24, due 2023-09-14
Exploit: Exploited in wild; active exploitation observed
Affected products
Timeline:
Published: Aug 23
KEV added: Aug 24
KEV due: Sep 14
Latest update: May 7

Description

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (1 package)

NVD: rarlab/winrar < 6.23

🔴 Vulnerability Details (4)

CVEList: CVE-2023-38831: RARLAB WinRAR before 6 (2023-08-23)
GHSA: GHSA-w5x7-vwr2-4x27: RARLabs WinRAR before 6 (2023-08-23)
VulnCheck: RARLAB WinRAR Code Execution Vulnerability (2023)
Project Zero: Project Zero RCA: CVE-2023-38831: RARLAB WinRAR Code Execution Vulnerability

💥 Exploits & PoCs (2)

Exploit-DB: WinRAR version 6.22 - Remote Code Execution via ZIP archive (2024-03-28)
Metasploit: WinRAR CVE-2023-38831 Exploit

📋 Vendor Advisories (2)

CISA: Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability (2024-04-30)
CISA: RARLAB WinRAR Code Execution Vulnerability (2023-08-24)

🕵️ Threat Intelligence (9)

Securelist: Exploits and vulnerabilities in Q1 2024 (2024-05-07)
Bleepingcomputer: Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (2023-11-19)
Bleepingcomputer: France says Russian state hackers breached numerous critical networks (2023-10-26)
Google TAG: Government-backed actors exploiting WinRAR vulnerability (2023-10-18)
Bleepingcomputer: Google links WinRAR exploitation to Russian, Chinese state hackers (2023-10-18)
CVE-2023-38831 — Rarlab Winrar vulnerability | cvebase